Wednesday, December 24, 2008

Discouraging brute force SSH login attempts

We have an appliance that offers site-to-site VPN and firewall protection, where the connections are built from business logic (the stated business intent drives the network configuration).

One of the problems with appliances (or any device you need remote access to) is that SSH, the encrypted mechanism for remote terminal access, is subject to pervasive brute-force attacks using common usernames and dictionary passwords.

Of course, choosing a strong username and password combination keeps you fairly safe from these attacks (disabling password authentication in favour of keys is safer still), but your device still gets bombarded with SSH attempts, which fill up the logs and use up your bandwidth.

A solution we employ is a blacklist that notices hosts attempting to connect to ports other than those the appliance specifically listens on, combined with a rate limiter on SSH connection attempts to dissuade them.  Our appliances also connect to 3Com and Cisco edge routers, so we have to manage SSH access there as well.
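To make the rate-limiter idea concrete, here is an added example (not the appliance's code, and not from the original post) that applies a sliding-window rule to OpenSSH syslog lines: an address with five or more failed logins inside ten minutes is blacklisted, and the blacklist is rendered as iptables DROP rules. The log lines, the host name `fw`, the thresholds, and the `iptables` rule shape are all constructed assumptions for the demonstration.

```python
"""Sliding-window rate limiter / blacklist for failed SSH logins.

Added example, not the appliance's implementation. The log lines below are
constructed in the format OpenSSH emits via syslog on most Linux systems.
"""
import calendar
import re
from collections import defaultdict, deque

# e.g. "Dec 24 03:14:15 fw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"
FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d) "
    r"\S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def parse_failure(line, year=2008):
    """Return (epoch_seconds, user, ip) for a failed-login line, else None.

    syslog omits the year, so the caller supplies it (assumed 2008 here).
    """
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = calendar.timegm((year, MONTHS[m["mon"]], int(m["day"]),
                          int(m["hh"]), int(m["mm"]), int(m["ss"]), 0, 0, 0))
    return ts, m["user"], m["ip"]


class SshRateLimiter:
    """Blacklist an IP once it fails max_failures times within window_seconds."""

    def __init__(self, max_failures=5, window_seconds=600):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blacklist = {}                  # ip -> timestamp when it was blocked

    def observe(self, line):
        """Feed one log line; return the IP if this line triggered a new block."""
        parsed = parse_failure(line)
        if parsed is None:            # successful logins and unrelated lines are ignored
            return None
        ts, _user, ip = parsed
        if ip in self.blacklist:      # already blocked, nothing new to do
            return None
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:   # expire old failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blacklist[ip] = ts
            return ip
        return None


def iptables_rules(blacklist, port=22):
    """Render one DROP rule per blacklisted IP (assumed rule shape, for illustration)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(blacklist)]


# Constructed sample: one scanner hammering the box, one host with two stray
# failures far apart, and one legitimate key-based login that must be ignored.
SAMPLE_LOG = [
    "Dec 24 02:00:00 fw sshd[1200]: Failed password for ops from 198.51.100.4 port 40001 ssh2",
    "Dec 24 03:14:15 fw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Dec 24 03:14:17 fw sshd[1235]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Dec 24 03:14:19 fw sshd[1236]: Failed password for invalid user oracle from 203.0.113.7 port 51251 ssh2",
    "Dec 24 03:14:20 fw sshd[1238]: Accepted publickey for ops from 192.0.2.10 port 40000 ssh2",
    "Dec 24 03:14:21 fw sshd[1239]: Failed password for invalid user test from 203.0.113.7 port 51260 ssh2",
    "Dec 24 03:14:23 fw sshd[1240]: Failed password for invalid user guest from 203.0.113.7 port 51270 ssh2",
    "Dec 24 03:14:25 fw sshd[1241]: Failed password for invalid user admin from 203.0.113.7 port 51280 ssh2",
    "Dec 24 03:30:00 fw sshd[1300]: Failed password for ops from 198.51.100.4 port 40002 ssh2",
]


def run_sample():
    """Run the limiter over SAMPLE_LOG; return (limiter, list of newly blocked IPs)."""
    limiter = SshRateLimiter(max_failures=5, window_seconds=600)
    newly_blocked = [ip for ip in (limiter.observe(l) for l in SAMPLE_LOG) if ip]
    return limiter, newly_blocked


if __name__ == "__main__":
    limiter, newly_blocked = run_sample()
    print("blocked:", newly_blocked)
    for rule in iptables_rules(limiter.blacklist):
        print(rule)
```

Two practical caveats: whitelist your own management addresses before installing rules like these, or a mistyped password from the office will lock you out of the appliance; and note that blocks expire only if you add a timeout, so a stale blacklist of dynamic-pool addresses will eventually drop legitimate users who inherit a scanner's old IP.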

Slashdot today has an article with a number of suggestions on ways of dealing with these attacks.
