On Sat, Aug 23, 2008 at 5:00 AM, Victor Ananjevsky <[EMAIL PROTECTED]> wrote: > В Thu, 21 Aug 2008 16:33:51 +0200 > Michael Tautschnig <[EMAIL PROTECTED]> пишет: > >> >> Further, what do you guys do about such attacks? Just sit back and >> hope they don't get hold of any passwords? Any ideas are welcome... >> > > change port from 22 to 11111 or someone you like
But this could break you in places where SSH acess is allowed but other ports not like in academia networks. I have saw some ssh attempts also in other ports instead of 22 trying to detect exactly this changing of port by the administrator. I good option for this kind of attack IMHO is using cracklib in the pam to not allow weak user's password. Also use the same tools from the attackers against your password hash file in shadow/ldap/etc. If the tool recovers the password in a short time the same could happen from the attacker, so you could prevent this by disabling the user until they change the password for a stronger one. Schedule this to happen once or twice a month. This will cost you less time than recovering from a cracked account. > > -- > wbr > > Victor "Ananas" Ananjevsky > Registered Linus user #202480 > Jabber ID: [EMAIL PROTECTED] > [EMAIL PROTECTED] > >
