On Wednesday 28 June 2006 21:08, David Guest wrote:
> Ian Cheong wrote:
> > When comparing port knocking to RSA keys:
> > 3 knocks from 65536 possible ports results in probability of guessing
> > at 1 in 2.8 x10^14.
> > 512-bit RSA key results in probability of guessing at 1 in 1.34x10^154.
> > 1024-bit RSA key default in ssh-keygen results in a very low
> > probability (try squaring the number on the last line) of a brute
> > force attack.
>
> Before I closed port 22 I used to get about 300 to 400 attempts per day.
> They were all 'root' or firstname user names with blank passwords (or
> occasionally "admin", "root", etc.).
>
> As per your link, knockd has a low overhead and I see it installs as a
> deb package. For a three port knock the 50% chance of a successful
> connection is one in 9 trillion. That'll do me.
>
> > I guess that's why port knocking is reported as not quite taking off
> > yet in the security community.
> > http://en.wikipedia.org/wiki/Port_knocking
>
> I see the Linksys WRT54G has a one port knock available in its GUI
> interface. I suspect this is more for IRC, MSN, and active FTP but at a
> pinch you could also use it for ssh.
>
> David

I use fail2ban and then RSA keys. fail2ban even locks me out if I stuff up, and I have to wait 10 minutes to get in too. The bots have moved on by then.

I've had 5 individual bots call in the last 24 hours on home, and one came back after two hours (a rare event for any duplicate IP addresses - I've never seen that before).

-- 
BOFH excuse #129: The ring needs another token

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
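The thread compares the guessing space of a three-port knock sequence with RSA key sizes and mentions an observed rate of 300 to 400 login attempts per day. The script below is an added example, not code from the thread or from knockd or fail2ban; it works the same comparison through for any number of knocks and key length, converts each search space to equivalent bits, and estimates how long a brute-force search would take at a given attempt rate. It assumes ordered knock sequences over all 65536 ports (repeats allowed), and that "50% chance" means half the space has been tried; the 400 attempts/day figure is taken from David's post and is the only input that is not constructed here.

```python
"""Added example (not from the gpcg_talk thread): brute-force cost of a
port-knock sequence versus a key of a given bit length.

Assumptions (labelled): knocks are ordered sequences over all 16-bit ports
and ports may repeat; a "50% chance" of success means half the search space
has been tried; the attacker's rate is a steady number of attempts per day.
"""
from math import log2

PORTS = 65536  # 16-bit port numbers, as in the thread


def knock_space(knocks: int, ports: int = PORTS) -> int:
    """Number of distinct ordered knock sequences of the given length."""
    if knocks < 1 or ports < 2:
        raise ValueError("need at least one knock over at least two ports")
    return ports ** knocks


def key_space(bits: int) -> int:
    """Search space of an idealised key of `bits` bits (2**bits values)."""
    return 1 << bits


def equivalent_bits(space: int) -> float:
    """Strength of a search space expressed in bits: log2(space)."""
    return log2(space)


def attempts_for_half_chance(space: int) -> float:
    """Attempts needed before a uniform guesser has a 50% chance of success."""
    return space / 2


def years_to_half_chance(space: int, attempts_per_day: float) -> float:
    """Years of continuous guessing at `attempts_per_day` to reach 50%."""
    if attempts_per_day <= 0:
        raise ValueError("attempt rate must be positive")
    return attempts_for_half_chance(space) / attempts_per_day / 365.25


def compare(knocks: int, key_bits: int, attempts_per_day: float) -> dict:
    """Side-by-side figures for a knock sequence and a key, as a dict."""
    ks, rs = knock_space(knocks), key_space(key_bits)
    return {
        "knock_space": ks,
        "knock_bits": equivalent_bits(ks),
        "knock_years": years_to_half_chance(ks, attempts_per_day),
        "key_space": rs,
        "key_bits": float(key_bits),
        "key_years": years_to_half_chance(rs, attempts_per_day),
    }


if __name__ == "__main__":
    # 3 knocks vs a 512-bit key at the 400 attempts/day seen in the thread
    for name, value in compare(3, 512, 400).items():
        print(f"{name:>12}: {value:.3g}")
```

The figures reproduce the thread's numbers (65536^3 is about 2.8 x 10^14, 2^512 about 1.34 x 10^154) and make the difference concrete: a three-port knock is a 48-bit secret, which at a few hundred attempts a day is already out of reach, while a 512-bit key's guessing space is astronomically larger. The model only counts blind guessing; a rate limiter such as fail2ban lowers `attempts_per_day` further, which is why the two are complementary rather than alternatives.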
