[Info-vax] SSH on VAX - performance impact of break in attempts

Neil Rieck n.rieck at sympatico.ca
Wed Aug 25 07:13:54 EDT 2010


On Aug 25, 1:53 am, urbancamo <m... at wickensonline.co.uk> wrote:
> Good morning,
>
> I have a VAX running Multinet V5.3 under a hobbyist license which has
> an SSH server running to allow access for selected remote users. I've
> been experiencing a number of break in attempts lately, generally
> lasting for several hours each. Each attempt causes the SSH server to
> utilise 100% CPU for about 20 seconds (on a VAXstation 4000/90) - this
> is having a negative impact for users on overall system performance. I
> am using the SSH2 server.
>
> I have attempted a number of strategies to reduce this impact:
>
> 1. I have defined an AllowUsers list so only named users are allowed.
> 2. I have set AuthInteractiveFailureTimeout to 30 so that there is a
> 30 second delay between login attempts from the same host/session.
> 3. I have set RequiredAuthentications to publickey,password so that
> both a password and a valid public key are required.
>
> Unfortunately none of these strategies reduce the length of 100% CPU
> utilisation for failed login attempts.
>
> If anyone has any suggestions that would be great.
>
> Many thanks, Mark.

I have been seeing this for years on one of my public machines running
TCPware. It is quite amusing and very childish: the far end system
appears to be engaged in a dictionary attack via SSH and is cycling through
various account names and passwords. Since this is a VMS machine,
no one has ever been able to break in. My most recent attack came from
Brazil. Either a PING or TRACEROUTE to the sending end is all you need
to stop the attack for a few days.

Neil Rieck
Kitchener / Waterloo / Cambridge,
Ontario, Canada.
http://www3.sympatico.ca/n.rieck/OpenVMS.html


