SSH password attacks on the rise

Looks like SSH brute-force password attacks are on the rise, and they seem to be pretty successful. This is according to Daniel Wesemann over at SANS Internet Storm Center, who reported it last Friday. Daniel wants to make sure everyone knows about this and takes it seriously, so he points it out with the following warning:

If you are running any SSH server open to the Internet, and your usernames and passwords aren't at least 8 characters or so, your box is either owned by now, or about to be. It doesn't matter one bit what sort of device it is - those who run these scans have proven to be equally apt at taking over a Cisco router as they are at subverting an iMac.

Daniel follows that up by pointing out a lot of common-sense security measures (and yes, some are security by obscurity): all the basics, like filtering which IPs can get to the SSH box, using hard-to-guess usernames and passwords, scanning your network, changing your ports, etc.

I like to use VPNs to manage gear so I can get at it from the inside, which lets me turn off the Internet-facing stuff. Of course, that doesn't help if the box you are trying to manage is your VPN box or your firewall that passes the VPN traffic on, but you get what I am saying.

You might balk at the "hard to guess username" above. Here's a quote from the post:

A reader, whose systems at a community college had kept getting hammered, had the following anecdote to share: "No matter how hard we try, users keep picking bad passwords. So we decided to give them difficult to guess usernames. If a user's ID is @455%userid, it doesn't matter much anymore how dumb his password is!"

I laughed at that when I first read it, but then I started thinking about how difficult it would be to actually get your job done in that environment. But I digress...

There is also a link that gives some pointers on securing SSH.

So basically, they are saying to take this seriously.  Manage your risk.  Take a look at what you have out there.  Make sure you know what services are running.  Disable anything you don't need.  Secure your stuff.  Keep working.
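
As an added example (not from the original post or the SANS diary), here is one way to "take a look at what you have out there": scan an sshd auth log for sources with many failed passwords and check whether a login was accepted afterwards. The log lines are constructed samples in OpenSSH's syslog format, and the `analyze` function and its threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not real traffic).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 03:14:03 gw sshd[2103]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 12 03:14:05 gw sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Jan 12 03:14:07 gw sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Jan 12 03:14:09 gw sshd[2109]: Failed password for backup from 203.0.113.7 port 51248 ssh2
Jan 12 03:14:11 gw sshd[2111]: Failed password for backup from 203.0.113.7 port 51252 ssh2
Jan 12 03:14:13 gw sshd[2113]: Accepted password for backup from 203.0.113.7 port 51256 ssh2
Jan 12 08:30:10 gw sshd[2290]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Jan 12 08:30:18 gw sshd[2290]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Jan 12 08:45:00 gw sshd[2290]: Received disconnect from 198.51.100.20 port 40022:11: disconnected by user
"""

# Matches sshd password results, for both existing and "invalid user" accounts.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=5):
    """Report each source IP with at least `threshold` failed passwords."""
    failed = defaultdict(list)    # ip -> usernames tried, in log order
    breached = defaultdict(list)  # ip -> users accepted after the threshold was hit
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password event (disconnects, key auth, etc.)
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed[ip].append(user)
        elif len(failed[ip]) >= threshold:
            # A success from a source that was already guessing: treat as compromise.
            breached[ip].append(user)
    return {
        ip: {"failures": len(users),
             "usernames": sorted(set(users)),
             "accepted_after": breached.get(ip, [])}
        for ip, users in failed.items() if len(users) >= threshold
    }

if __name__ == "__main__":
    for ip, report in analyze(SAMPLE_LOG).items():
        print(ip, report)
```

A non-empty `accepted_after` list is the case the warning describes: the guessing worked, and that account and host need incident handling rather than just a firewall rule.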


Copyright © 2009 IDG Communications, Inc.
