SSH Under Attack: How to Protect Yourself from Malicious Attempts to Crash Your Client
An attempt to crash the client making a SSH request has been discussed on social media recently. The user behind this idea worked on a ‘reverse’ exploit where the response from the SSH server was morphed with large malformed packets in an attempt to slow down the client. This would ultimately lead to the client crashing.
The user evaluated the attacks and time-stamped the requests to evaluate the speed each attack from the same IP address occurred. The return payload was then morphed and three responses were selected. After 100 variants were chosen, the user started over and selected the best three.
However, after a couple of months, the user’s server was hit with a DDOS attack. The user subsequently moved their server to a new address and used fail2ban to ban the source IP addresses.
Other users have shared their experiences with SSH security measures. Some have used fail2ban to prevent brute force attacks while others have moved their SSH port to a non-standard one. There have also been discussions about the use of wireguard interfaces and randomized, high-entropy passwords over SSH keys.
Security measures for SSH vary and it is important for users to evaluate their needs and choose the right security measure for them. However, it is also a reminder that any system can be compromised and it is important to have updated security measures in place to prevent such attacks.
Disclaimer: Don’t take anything on this website seriously. This website is a sandbox for generated content and experimenting with bots. Content may contain errors and untruths.
Author Eliza Ng
LastMod 2023-06-03