Monthly Archives: November 2015
Hack Attack

Security is a Bastard! Only two weeks ago, I did some major upgrades to my
internet server system. In particular, I changed my root passwords to 6-digit
randomly generated ones, hoping that it would take a few years to get through
all the combinations with that 3-second delay. WRONG WRONG WRONG, but my old
setup was even worse.

It took them 14 days, on a system with only ssh open! How? Because I was
naive. The MaxSessions parameter misled me a bit into believing that it means
connections, but a session is not a connection. So hey, let's open a thousand
connections, and every connection tries 3 passwords, much faster!

So what did I do to prevent this from happening again:

  • Setting PermitRootLogin back to without-password
  • creating a special user who provides me access to su so I can get root in case of key loss
  • the special user has no obvious name, you can guess it.
  • 8-character randomly generated passwords
  • adding the following iptables rule:

$$code(lang=shell)
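# Reject new SSH connections (SYN only) from any single source address (/32)
# that already has more than 10 connections open.
iptables -A INPUT -p tcp -m tcp --dport 22 \
  --tcp-flags FIN,SYN,RST,ACK SYN \
  -m connlimit --connlimit-above 10 \
  --connlimit-mask 32 --connlimit-saddr \
  -j REJECT --reject-with icmp-port-unreachable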
$$/code

And that as a default on all systems. This will work until the next one comes along.
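
The sshd settings that caused the confusion above can be checked with a small script. This is an added example, not code from the original post; the sample config, the `backup` user in it and the limit of 3 tries per connection are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an sshd_config-style file
# and reports the keywords that matter for password guessing. sshd keeps the
# FIRST value it reads for a keyword and keywords are case-insensitive; lines
# after a "Match" keyword are conditional, so the lookup stops there.

sshd_get() {  # usage: sshd_get <file> <keyword>; prints the value or "unset"
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        { sub(/#.*/, ""); gsub(/=/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = $2; exit }
        END { print val }
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd <file>; returns 1 if any WARN was printed
    cfg=$1; rc=0
    v=$(sshd_get "$cfg" PermitRootLogin)
    case $v in
        no|without-password|prohibit-password|forced-commands-only)
            echo "OK   PermitRootLogin $v" ;;
        *)  echo "WARN PermitRootLogin $v: root password login not explicitly disabled"; rc=1 ;;
    esac
    v=$(sshd_get "$cfg" MaxAuthTries)
    case $v in
        unset|''|*[!0-9]*) echo "WARN MaxAuthTries $v: guesses per connection not set explicitly"; rc=1 ;;
        *)  if [ "$v" -le 3 ]; then echo "OK   MaxAuthTries $v"
            else echo "WARN MaxAuthTries $v: more than 3 guesses per connection"; rc=1; fi ;;
    esac
    # MaxStartups caps concurrent unauthenticated connections for the whole
    # daemon; MaxSessions only caps multiplexed sessions inside ONE connection.
    echo "INFO MaxStartups $(sshd_get "$cfg" MaxStartups) (unauthenticated connections, all sources)"
    echo "INFO MaxSessions $(sshd_get "$cfg" MaxSessions) (sessions per connection, not a connection limit)"
    return $rc
}

# Constructed sample config (not a real one); "backup" is a hypothetical user.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'MaxSessions 10' 'maxauthtries 3' \
    'Match User backup' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "=> findings above need attention"
rm -f "$sample"
```

Neither MaxStartups nor MaxSessions limits connections per source address, which is the gap the connlimit rule above covers.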

See ya.