SSH Brute Force attempts
Igor Mozolevsky
igor at hybrid-lab.co.uk
Tue Sep 30 16:15:50 UTC 2008
2008/9/30 Oliver Fromme <olli at lurza.secnetix.de>:
>
> Bill Moran wrote:
> > In response to Oliver Fromme <olli at lurza.secnetix.de>:
> > > Pierre Riteau wrote:
> > >
> > > > Because the 3-way handshake ensures that the source address is not being
> > > > spoofed, more aggressive action can be taken based on these limits.
> > >
> > > s/not being spoofed/more difficult to spoofe/ ;-)
> >
> > On a modern OS (like FreeBSD) where ISNs are random, the possibility of
> > blindly spoofing an IP during a 3-way handshake is so low as to be
> > effectively impossible.
>
> It depends a lot on the environment, for example whether
> the attacker has access (or can somehow get access) to
> the server's uplink and trace packets. This can happen
> if the server is located with many other servers on the
> same network, which is often the case for co-location
> or so-called root servers.
Yes, but in that situation you probably have the capacity to inject
enough traffic into the pipe to cause a total blackout...
> Of course, if the network is regarded "secure", then
> you are right. Spoofing a TCP handshake would be very
> difficult in that case. (I try to avoid the word
> "impossible". Nothing is impossible, especially in
> the security business.)
Security is always about the balance between the effort+risk to you vs
the effort+benefit to the attacker...
--
Igor
More information about the freebsd-hackers
mailing list