[svlug] What to do about ssh hack attempts?

Mark msalists at gmx.net
Thu Feb 2 10:41:08 PST 2006


OK, in order to learn something from this discussion:
Does anybody know a link to good documentation that explains the various options (both what and how)?

Thanks,

MARK

> -----Original Message-----
> From: svlug-bounces+msalists=gmx.net at lists.svlug.org [mailto:svlug-bounces+msalists=gmx.net at lists.svlug.org] On Behalf Of Rick Moen
> Sent: Thursday, February 02, 2006 1:17 AM
> To: svlug at lists.svlug.org
> Subject: Re: [svlug] What to do about ssh hack attempts?
> 
> 
> Quoting Nick Austin (nick at smartaustin.com):
> 
> > Well, if somebody is on your local LAN, DoS attacks are already dirt
> > simple. A simple ARP poisoning attack is enough to put you out of
> > business.
> 
> I've actually anticipated and prevented that, believe it or not.
> 
> > Plus, a TCP + SSH spoofing attack is basically infeasible.
> 
> With local LAN sniffing, I rather suspect it's feasible.  But 
> I was in any event more concerned with the general principle 
> about the danger of automated active defences.
> 
> > Although your point about active defense systems triggered via UDP in
> > general is well taken.  This is one of these protocol + application
> > combinations that makes this a moot point.
> 
> Could be.  ;->
> 
> > Any active defense system that is triggered via UDP is much harder to
> > set up correctly. A system that is triggered by TCP is in general much
> > more immune to the types of issues you've raised.
> 
> Granted.
>  
> > Thanks!
> 
> You're very welcome.  And I do appreciate your thoughtful analysis.
> 
> 