[svlug] What to do about ssh hack attempts?
msalists at gmx.net
Thu Feb 2 10:41:08 PST 2006
Ok, in order to learn something out of this discussion:
Does anybody know a link to a good documentation that explains the various options (both what and how)?
> -----Original Message-----
> From: svlug-bounces+msalists=gmx.net at lists.svlug.org
> [mailto:svlug-bounces+msalists=gmx.net at lists.svlug.org] On
> Behalf Of Rick Moen
> Sent: Thursday, February 02, 2006 1:17 AM
> To: svlug at lists.svlug.org
> Subject: Re: [svlug] What to do about ssh hack attempts?
> Quoting Nick Austin (nick at smartaustin.com):
> > Well, if somebody is on your local LAN, DoS attacks are
> already dirt
> > simple. A simple ARP poisoning attack is enough to put you out of
> > business.
> I've actually anticipated and prevented that, believe it or not.
> > Plus, a TCP + SSH spoofing attack is basically infeasible.
> With local LAN sniffing, I rather suspect it's feasible. But
> I was in any event more concerned with the general principle
> about the danger of automated active defences.
> > Although your point about active defense systems triggered
> via UDP in
> > general
> > is well taken. This is one of these protocol + application
> combination that
> > makes this a mute point.
> Could be. ;->
> > Any active defense system that is triggered via UDP is much
> harder to
> > setup correctly. A system that is triggered by TCP is in
> general much
> > more immune to the types of issues you've raised.
> > Thanks!
> You're very welcome. And I do appreciate your thoughtful analysis.
> svlug mailing list
> svlug at lists.svlug.org http://lists.svlug.org/lists/listinfo/svlug
More information about the svlug