OpenSSH issue, sort of

Author: der.hans
Date:  
To: quatsch
Subject: OpenSSH issue, sort of
moin moin,

http://news.zdnet.co.uk/security/0,1000000189,39653852,00.htm

So, there's a chance that an attacker can see 4 bytes of text from an SSH
session. We already talked about this or something like it recently.

The article notes that the problem can be avoided by "using AES in counter
mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC)."

Something else we can do is work to prevent brute-force attacks and replay
attacks.

It looks like this handles single IP brute force attacks. That's good, but
doesn't help with distributed attacks.

sshguard - protects from brute force attacks against ssh

Looks like this is about the same, but handles lots of other services as
well.

fail2ban - bans IPs that cause multiple authentication errors

Is there a tool that looks for and blocks distributed attacks, but
auto-whitelists IPs that actually authed correctly?

Anything for blocking replay attacks?

Remember to disable remote connection for root.

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  "The purpose of IT is to seamlessly and transparently provide the other
#  9/10's of the iceberg for people who need to work with chunks
#  of floating ice." -- Strata Rose Chalup
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
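
The question above about distributed attacks with auto-whitelisting can be sketched as log analysis. This is an added example, not part of the original message and not code from sshguard or fail2ban; the log lines are constructed, and the function name, window, threshold and the dummy year used for timestamp parsing are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation address ranges), not real data.
SAMPLE_LOG = """\
Jan 12 03:14:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 4101 ssh2
Jan 12 03:14:03 gw sshd[812]: Failed password for invalid user admin from 198.51.100.9 port 4102 ssh2
Jan 12 03:14:04 gw sshd[813]: Accepted publickey for hans from 192.0.2.44 port 4103 ssh2
Jan 12 03:14:06 gw sshd[814]: Failed password for hans from 192.0.2.44 port 4104 ssh2
Jan 12 03:14:08 gw sshd[815]: Failed password for root from 203.0.113.77 port 4105 ssh2
Jan 12 03:14:09 gw sshd[816]: Failed password for invalid user test from 198.51.100.23 port 4106 ssh2
Jan 12 09:30:00 gw sshd[901]: Failed password for bob from 192.0.2.200 port 4107 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) \S+ for (?:invalid user )?\S+ from (\S+) port")

def distributed_offenders(log, window=timedelta(seconds=60), min_sources=4):
    """Return (flagged, whitelist). An IP is flagged when it failed inside a
    window in which at least `min_sources` distinct non-whitelisted IPs failed."""
    events, whitelist = [], set()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a dummy year (assumption) is enough for deltas.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        if m.group(2) == "Accepted":
            whitelist.add(m.group(3))   # auto-whitelist any IP that authenticated
        else:
            events.append((ts, m.group(3)))
    recent, flagged = deque(), set()
    for ts, ip in events:
        if ip in whitelist:
            continue                    # a typo by a known-good source is not an attack
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()            # drop failures older than the window
        sources = {src for _, src in recent}
        if len(sources) >= min_sources: # many sources, few tries each
            flagged |= sources
    return flagged, whitelist

if __name__ == "__main__":
    print(distributed_offenders(SAMPLE_LOG))
```

Per-IP counters never trip here because every source fails only once; the signal is the number of distinct failing sources inside one window.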