Re: SSH probes?
Valdis.Kletnieks
vt.edu
Date: Wed May 12 2004 - 09:20:17 CDT
On Wed, 12 May 2004 09:03:57 BST, iglope said:
> one time we have : authentication failure;
>
> >May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
> >
> >
> Another we have : check pass; user unknown
> Isn't it a way to discover a valid user for the next brute force session?
> Maybe you have to tune your ssh to send the same msg for valid and
> invalid users?
*You*, as the system admin, are told whether it's a valid userid
with a bad password, or an invalid userid - because your reaction to
the incident may differ based on which it is.
That doesn't mean that the attacker/user *at the far end* is able
to detect the distinction.
Having said that, there *was* an issue with SSH and PAM support a while ago,
where a timing attack would tell you which it was. It shouldn't be an issue if
you're at a current release....
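Added example, not part of the original message: a log triage sketch for the admin-side distinction described above, splitting sshd(pam_unix) failures per source host into unknown-user probes and bad passwords against existing accounts. The sample log is constructed around the one line quoted in the thread; the field layout of the "authentication failure" lines, the function names, PIDs and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: line 1 is the entry quoted in the thread, the rest are
# made up in the same pam_unix format (addresses are documentation ranges).
SAMPLE_LOG = """\
May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
May 9 21:35:10 evita sshd(pam_unix)[16374]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
May 9 21:35:14 evita sshd(pam_unix)[16380]: check pass; user unknown
May 9 21:35:14 evita sshd(pam_unix)[16380]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10
May 9 21:40:02 evita sshd(pam_unix)[16391]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7  user=root
May 9 21:40:09 evita sshd(pam_unix)[16391]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=198.51.100.7  user=root
May 9 21:41:00 evita sshd(pam_unix)[16460]: session opened for user alice by (uid=0)
"""

LINE = re.compile(r"sshd\(pam_unix\)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def triage(log_text):
    """Per source host: count unknown-user vs. bad-password failures."""
    pending_unknown = set()  # PIDs that just logged "user unknown"
    report = defaultdict(lambda: {"unknown_user": 0, "bad_password": 0, "accounts": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("check pass; user unknown"):
            pending_unknown.add(pid)
        elif msg.startswith("authentication failure;"):
            fields = dict(re.findall(r"(\w+)=(\S*)", msg))
            host = fields.get("rhost") or "(local)"
            user = fields.get("user")
            # Assumption: an unknown-user failure has no user= field and/or
            # follows a "user unknown" line from the same sshd PID.
            if pid in pending_unknown or not user:
                pending_unknown.discard(pid)
                report[host]["unknown_user"] += 1
            else:
                report[host]["bad_password"] += 1
                report[host]["accounts"].add(user)
    return dict(report)

def hosts_targeting_real_accounts(report):
    """Sources whose failures hit existing accounts (the case to review first)."""
    return sorted(h for h, r in report.items() if r["accounts"])

if __name__ == "__main__":
    for host, r in triage(SAMPLE_LOG).items():
        print(host, r["unknown_user"], r["bad_password"], sorted(r["accounts"]))
```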