[Asterisk-Users] asterisk@home scary log

Derek Whitten derek at kfuq.net
Thu Feb 10 10:41:48 MST 2005


and make sure that your ssl/ssh is up to date as well.

Latest is openssl-0.9.7e / openssh-3.9.x



On Thu, 2005-02-10 at 08:51, Rich Adamson wrote:
> > I had the system setup to allow http and ssh.
> > 
> > The hack came in through ssh.
> 
> For those that aren't heavily involved with security topics, there
> have been many different approaches from many different IPs attempting
> to:
>  a) exploit known ssh holes, and,
>  b) ssh password guessing
> 
> We tend to watch these attempts rather closely through intrusion detection
> tools like snort. As consultants, we are also under retainers to 
> assist other companies with securing their facilities and watching
> for exploits. The exploit attempts happen every single day.
> 
> There are multiple password guessing tools commonly available on
> the Internet. I eval'ed one of the tools and it took five seconds
> to guess a password that was five characters in length. It took an
> hour to guess a password that was eight characters, and around
> twenty-four hours to guess a password that was eight characters made
> up of uppercase, lowercase and non-alpha characters (e.g., complex).
> Regardless, the guessing process is simply how much time does one 
> want to devote to doing it (e.g., what's the return value for spending
> the time exploiting a system).
> 
> It doesn't make much difference whether one exposes telnet or ssh.
> Both can be exploited. But, the more complex you make the password,
> the more time-consuming and difficult it is to guess it.
> 
> So, if you must expose either telnet or ssh, make your passwords very
> long and complex. If your O/S has the capability to lockout the account
> after 'xx' failed passwords, then do that. Automatically resetting the
> process after 'y' minutes disrupts the guessing process without the
> hacker knowing it, but still allows you access after that auto reset.
> Using something like seven failed attempts with a five minute reset
> is more than adequate in most cases.
> 
-- 
Derek Whitten <derek at kfuq.net>
kFuQ Productions
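The lockout scheme Rich describes in the quoted message (lock a source after a fixed number of failed passwords, then let the lock and the counter expire after a few minutes so the legitimate admin gets back in) can be checked against real sshd log lines before you trust it. The following is an added example written for this thread, not code from either poster or from Asterisk@Home: it replays constructed sshd "Failed password" / "Accepted password" syslog lines through a seven-failures, five-minute-reset policy and reports what each attempt would have received. The log lines, host name, addresses and the 2005 year used for the yearless syslog timestamps are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic OpenSSH syslog lines (constructed sample, not a real host's log).
SAMPLE_LOG = """\
Feb 10 09:00:01 pbx sshd[2101]: Failed password for root from 203.0.113.7 port 40211 ssh2
Feb 10 09:00:03 pbx sshd[2103]: Failed password for root from 203.0.113.7 port 40212 ssh2
Feb 10 09:00:04 pbx sshd[2105]: Failed password for invalid user admin from 198.51.100.9 port 51000 ssh2
Feb 10 09:00:05 pbx sshd[2107]: Failed password for root from 203.0.113.7 port 40213 ssh2
Feb 10 09:00:07 pbx sshd[2109]: Failed password for root from 203.0.113.7 port 40214 ssh2
Feb 10 09:00:09 pbx sshd[2111]: Failed password for root from 203.0.113.7 port 40215 ssh2
Feb 10 09:00:11 pbx sshd[2113]: Failed password for root from 203.0.113.7 port 40216 ssh2
Feb 10 09:00:13 pbx sshd[2115]: Failed password for root from 203.0.113.7 port 40217 ssh2
Feb 10 09:01:00 pbx sshd[2117]: Accepted password for root from 203.0.113.7 port 40218 ssh2
Feb 10 09:02:30 pbx sshd[2119]: pam_unix(sshd:session): session opened for user derek by (uid=0)
Feb 10 09:06:00 pbx sshd[2121]: Failed password for root from 203.0.113.7 port 40219 ssh2
Feb 10 09:07:00 pbx sshd[2123]: Accepted password for derek from 198.51.100.9 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

LOG_YEAR = 2005  # syslog timestamps carry no year; assumed to match the thread's date


def parse_line(line):
    """Return (timestamp, result, user, ip) for an sshd password line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return ts, m.group("result"), m.group("user"), m.group("ip")


class LockoutPolicy:
    """Lock a source after `threshold` failures; lock and counter both expire after `reset`."""

    def __init__(self, threshold=7, reset=timedelta(minutes=5)):
        self.threshold = threshold
        self.reset = reset
        self.failures = {}      # ip -> (count, time of first failure in the current run)
        self.locked_until = {}  # ip -> datetime at which the lock expires

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        return until is not None and now < until

    def record(self, ts, result, ip):
        """Apply one login event and return the decision taken for it."""
        if self.is_locked(ip, ts):
            return "rejected-locked"   # even a correct password is refused while locked
        if result == "Accepted":
            self.failures.pop(ip, None)  # a real login clears the failure run
            return "accepted"
        count, first = self.failures.get(ip, (0, ts))
        if ts - first > self.reset:      # the old run of failures has aged out; start over
            count, first = 0, ts
        count += 1
        if count >= self.threshold:
            self.locked_until[ip] = ts + self.reset
            self.failures.pop(ip, None)
            return "locked"
        self.failures[ip] = (count, first)
        return "counted"


def replay(log_text, policy=None):
    """Run every parseable line through the policy; return a list of (ip, decision)."""
    policy = policy or LockoutPolicy()
    decisions = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # session/pam lines and other noise are not login attempts
        ts, result, _user, ip = parsed
        decisions.append((ip, policy.record(ts, result, ip)))
    return decisions


if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG):
        print(f"{ip:16} {decision}")
```

Replaying the sample shows the shape of the trade-off in the quoted message: the seventh failure from 203.0.113.7 at 09:00:13 locks that source until 09:05:13, so the "Accepted" login from it at 09:01:00 is refused, while the single failure from 198.51.100.9 is only counted and its later successful login goes through. A failure from the locked source at 09:06:00 starts a fresh count because both the lock and the counter have reset. This is a replay over logs for tuning the threshold and reset time; enforcement still belongs in the O/S lockout mechanism itself.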