Interesting. Looks like keys are a risk. But, I still don't
understand, and I don't think the article was clear about, how a brute force
SSH password attack is possible over my very limited network. AT&T's
cheapest plan isn't a very big pipe and I use good passwords. The
attacker would have to have a great deal of luck.
Since I use ssh for personal access, I'm considering looking into a
firewall rule that simply walls out any IP that tries to log in with a
user that isn't my account. Another thing that makes me wonder about
this vector is the successful login wasn't from an account on my system.
It seems to me that the keys/certificates are being attacked directly.
I've read other articles indicating that there are attackers in the wild doing this.
So, it seems to me that eliminating key/certificate logins from outward
facing systems may buy a lot of extra security. There were keys in my
.ssh directory, but whether I installed them or the attacker did, is not
clear. I wouldn't need them, but it is possible I could have created
them at some point over the last 15 years I've been using this system :)
-Gary
On Fri, Aug 05, 2022 at 03:54:33AM -0600, Linus Sphinx wrote:
Join the club.
https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forc…
On Tue, Aug 2, 2022 at 12:43 PM Gary <saclug(a)garymcglinn.com> wrote:
> Hi Brian,
>
> Open letter.
>
> I remember years ago you did a presentation on snort.
>
> Do you still like it?
>
> -Gary
>
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
>
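The rule Gary floats above (wall out any IP that tries a username other than his own, including a "successful" login as an unknown user) can be prototyped from sshd's own log lines. This is an added example, not code from the thread; the log lines are constructed, the allowed username "gary" is taken from the thread, and the nftables table name `inet filter` and set name `ssh_block` are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines for illustration (documentation IP ranges, not real attackers).
SAMPLE_LOG = """\
Aug  5 03:10:01 host sshd[1201]: Invalid user admin from 203.0.113.7 port 51022
Aug  5 03:10:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Aug  5 03:10:03 host sshd[1203]: Invalid user oracle from 203.0.113.7 port 51030
Aug  5 03:10:09 host sshd[1207]: Failed password for gary from 198.51.100.4 port 40210 ssh2
Aug  5 03:10:15 host sshd[1209]: Accepted publickey for gary from 198.51.100.4 port 40212 ssh2
Aug  5 03:11:02 host sshd[1215]: Invalid user test from 192.0.2.55 port 60001
Aug  5 03:11:40 host sshd[1218]: Accepted password for backup from 192.0.2.55 port 60010 ssh2
"""

# One pattern for the three sshd line shapes that name a user and a source address:
# "Invalid user U from IP", "Failed password for [invalid user] U from IP", "Accepted <method> for U from IP".
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?|Accepted \w+ for) "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)


def offending_ips(log_text, allowed_users, never_block=()):
    """Map each source IP that used a username outside allowed_users to a Counter of those names.
    never_block lists addresses (your own, for instance) that are never banned."""
    hits = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or m["user"] in allowed_users or m["ip"] in never_block:
            continue
        hits.setdefault(m["ip"], Counter())[m["user"]] += 1
    return hits


def nft_commands(ips, set_name="ssh_block"):
    """Render nft commands adding each offender to a named set with a 24h expiry.
    Assumes (not created here) a table 'inet filter' holding the set and a drop rule, e.g.:
      nft add set inet filter ssh_block '{ type ipv4_addr; flags timeout; }'
      nft add rule inet filter input ip saddr @ssh_block drop
    """
    ordered = sorted(ips, key=ipaddress.ip_address)
    return [f"nft add element inet filter {set_name} {{ {ip} timeout 24h }}" for ip in ordered]
```

Run `offending_ips(SAMPLE_LOG, allowed_users={"gary"})` and feed the result to `nft_commands`; keep your own address in `never_block` so a typo in your own username cannot lock you out.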