Date: Tue, 01 Dec 2009 10:23:00 -0700
From: Brett Glass <brett@lariat.org>
To: freebsd-security@freebsd.org
Subject: Increase in SSH attacks as of announcement of rtld bug
Message-ID: <200912011724.KAA10851@lariat.net>
In-Reply-To: <200912010522.WAA03022@lariat.net>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <200912010522.WAA03022@lariat.net>

Everyone:

I don't know if it's a coincidence, but I doubt it is: Since the announcement of the rtld bug, we've seen a precipitous increase in the number of SSH password guessing attacks on our systems. Apparently, the folks who are mounting the attacks (usually via botnets) have realized that if they get into a user shell account on an unpatched system, they have effectively broken root.

It would be wise for all FreeBSD system administrators to set AllowUsers as restrictively as possible in sshd_config, and also (because the attacks can take a great toll on servers in terms of CPU and other resources) consider other changes to "armor" their systems against SSH attacks.

It may be time, in fact, to consider implementing single packet authentication as the default in SSH servers and as a built-in feature in SSH clients. (Does anyone know of a good SSH client that integrates a single packet authentication system -- e.g. fwknop? I'm already seeking sources and a toolchain so that I can try my hand at doing this for TeraTerm.)

--Brett Glass
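
The AllowUsers advice in the message above can be checked against a server's own logs. The following is an added example, not part of the original message: it reads AllowUsers patterns from an sshd_config and counts which logged password guesses were aimed at accounts the list still permits. The config fragment, log lines and function names are constructed for illustration; Match blocks, `!` negation and CIDR host patterns are not handled.

```python
import re

# Constructed sample sshd_config fragment (not from the original message).
SAMPLE_CONFIG = """\
AllowUsers alice bob@192.0.2.*
allowusers backup@198.51.100.7
"""

# Constructed sample log lines in the usual sshd "Failed password" shape.
SAMPLE_LOG = """\
Dec  1 10:01:03 host sshd[411]: Failed password for invalid user oracle from 203.0.113.9 port 4021 ssh2
Dec  1 10:01:09 host sshd[415]: Failed password for alice from 203.0.113.9 port 4033 ssh2
Dec  1 10:01:15 host sshd[419]: Failed password for bob from 203.0.113.9 port 4040 ssh2
Dec  1 10:01:20 host sshd[423]: Failed password for bob from 192.0.2.44 port 5110 ssh2
"""

def _glob(pattern):
    # sshd patterns use only '*' and '?' as wildcards; everything else is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z")

def parse_allow_users(config_text):
    """Collect AllowUsers patterns (keyword is case-insensitive; repeated lines accumulate)."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "match":
            break  # simplification: conditional Match blocks are not evaluated
        if words and words[0].lower() == "allowusers":
            patterns.extend(words[1:])
    return patterns

def user_allowed(patterns, user, host):
    """True if (user, host) passes the AllowUsers list; USER and USER@HOST forms."""
    if not patterns:
        return True  # no AllowUsers line: every account is a candidate
    for p in patterns:
        u, _, h = p.partition("@")
        if _glob(u).match(user) and (not h or _glob(h).match(host)):
            return True
    return False

def guesses_against_permitted_accounts(config_text, log_text):
    """Count failed-password events per (user, host) that AllowUsers does not rule out."""
    patterns = parse_allow_users(config_text)
    hits = {}
    for m in re.finditer(r"Failed password for (?:invalid user )?(\S+) from (\S+)", log_text):
        if user_allowed(patterns, m.group(1), m.group(2)):
            hits[m.groups()] = hits.get(m.groups(), 0) + 1
    return hits
```

In the constructed sample, the `alice` entry has no host part, so it is the one account still exposed to guessing from any address; tightening it to a `USER@HOST` pattern removes that entry from the result.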