[ILUG] SSH dictionary attacks.
Aine Douglas
aine.douglas at gmail.com
Wed Aug 23 14:20:55 IST 2006
On 8/23/06, Colm MacCarthaigh <colm at stdlib.net> wrote:
> On Wed, Aug 23, 2006 at 01:38:13PM +0100, Gavin McCullagh wrote:
> > On Wed, 23 Aug 2006, Aine Douglas wrote:
> >
> > > I'm really interested in trying out Colm's portknocking idea... that
> > > has huge possibilities.
> >
> > It could be generalised such that you could use a sequence of knocks on
> > different ports mapped to keystrokes. A sort of "port password" sent
> > unencrypted across the network.
>
> And it would be equally prone to dictionary attack, and a zillion times
> more prone to trivial packet sniffing attack. It only works because of
> its relative obscurity.
I'm curious now.... the dictionary attacks I've witnessed this morning
all came from Korea. My ISP is the same Irish ISP that the server I
connected to is hosted on. Exactly how would the world of dictionary
attackers, esp those in Korea packet sniff my port knocking?
> Portnocking requires port-reachability to a series of ports, which you
> may or may not get through some site firewall, but wouldn't it just be
> easier to run ssh on a port other than 22?
In the absence of being able to packetsniff, my Korean friends would
determine that one with a portscan.
> Less overhead, less complex, same result.
Less secure ;-)
Aine.
More information about the ILUG
mailing list