OpenSSH issue, sort of

der.hans PLUGd at LuftHans.com
Thu May 21 11:34:20 MST 2009


moin moin,

http://news.zdnet.co.uk/security/0,1000000189,39653852,00.htm

So, there's a chance that an attacker can see 4 bytes of text from an SSH
session. We already talked about this or something like it recently.

The article notes that the problem can be avoided by "using AES in counter
mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC)."

Something else we can do is work to prevent brute-force attacks and replay
attacks.

It looks like this handles single IP brute force attacks. That's good, but
doesn't help with distributed attacks.

sshguard - protects from brute force attacks against ssh

Looks like this is about the same, but handles lots of other services as
well.

fail2ban - bans IPs that cause multiple authentication errors

Is there a tool that looks for and blocks distributed attacks, but
auto-whitelists IPs that actually authed correctly?

Anything for blocking replay attacks?

Remember to disable remote connection for root.

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  "The purpose of IT is to seamlessly and transparently provide the other
#  9/10's of the iceberg for people who need to work with chunks
#  of floating ice." -- Strata Rose Chalup
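
The check asked about above (spot a distributed brute-force attempt while automatically trusting addresses that have authenticated successfully), sketched as an added example that is not part of the original post and not code from sshguard or fail2ban. It assumes OpenSSH's usual syslog lines; the sample log, the 10-minute window, the threshold of 4 sources, and the year are constructed or illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation IPs).
SAMPLE_LOG = """\
May 21 11:00:01 host sshd[101]: Accepted publickey for alice from 192.0.2.10 port 4000 ssh2
May 21 11:00:40 host sshd[102]: Failed password for alice from 192.0.2.10 port 4001 ssh2
May 21 11:01:00 host sshd[103]: Failed password for invalid user admin from 198.51.100.1 port 5000 ssh2
May 21 11:01:30 host sshd[104]: Failed password for root from 198.51.100.2 port 5001 ssh2
May 21 11:02:10 host sshd[105]: Failed password for invalid user test from 198.51.100.3 port 5002 ssh2
May 21 11:03:00 host sshd[106]: Failed password for root from 198.51.100.4 port 5003 ssh2
May 21 13:30:00 host sshd[107]: Failed password for bob from 203.0.113.7 port 6000 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+"
)

def parse(log, year=2009):
    """Yield (timestamp, outcome, ip); syslog omits the year, so it is assumed."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def distributed_sources(log, window=timedelta(minutes=10), min_sources=4):
    """Return IPs to block: failing sources seen together in one busy window."""
    events = sorted(parse(log))
    # Auto-whitelist: any address that has authenticated successfully.
    trusted = {ip for _, outcome, ip in events if outcome == "Accepted"}
    fails = [(ts, ip) for ts, outcome, ip in events
             if outcome == "Failed" and ip not in trusted]
    flagged, start = set(), 0
    for end, (ts, _) in enumerate(fails):
        while ts - fails[start][0] > window:
            start += 1                      # slide the window's left edge
        sources = {ip for _, ip in fails[start:end + 1]}
        if len(sources) >= min_sources:     # many hosts, few tries each
            flagged |= sources
    return sorted(flagged)

if __name__ == "__main__":
    print(distributed_sources(SAMPLE_LOG))
```

Each flagged address fails only once here, so a per-IP counter would never trip; the signal is the number of distinct failing sources inside one window.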

