CN107707542A - A kind of method and system for preventing that ssh from cracking - Google Patents
Publication number: CN107707542A (application CN201710898701.5A)
Authority: CN (China)
Prior art keywords: ssh, password, preventing, verified, cracking
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00—Network architectures or network communication protocols for network security
- H04L63/205—Managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L63/083—Authentication of entities using passwords
- H04L63/0876—Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
- H04L63/101—Access control lists [ACL]
- H04L63/1458—Denial of Service
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Abstract
A method for preventing ssh from being cracked, comprising the following steps: an ssh honeypot system records IPs into a blacklist; all passwords tried by such an IP are verified and it is judged whether any is consistent with the password of the local machine; if one is consistent, the password is changed at once. A system for preventing ssh from being cracked is also included. Without changing the existing ssh service, adding one layer of ssh honeypot system leads the hacker into the honeypot, records the hacker's password dictionary and IP address, judges according to changes in the hacker's dictionary, and updates the local machine's password in time, making the system more complete.
Description
Technical field
The present invention relates to the field of computer security defense technology, and specifically to a method and system for preventing ssh from being cracked.
Background technology
As one of the most frequently used remote services of the linux (unix) operating system, ssh has always been a target of brute-force cracking. There are many ssh brute-force tools used by hackers; a very famous one is hydra (see the github repository at https://github.com/vanhauser-thc/thc-hydra). There are also very many dictionaries leaked on the net, and in theory, as long as the dictionary is large enough, any ssh service without added precautions can be cracked one day. Ssh brute-force attacks are simple and effective, and servers, particularly those with weak passwords, carry a great potential safety hazard.
At present, hackers use username dictionaries, and brute-force cracking often uses the passwords of other users, so protection is not thorough enough. Changing the default port 22: hackers can use scanning attacks such as nmap, the real port of the server is easily scanned out, and the measure has almost no effect. Or, when the hacker finds that the server cannot be connected to, he can switch to another ip address and continue the brute-force attack; the protection has a certain effect, but is not thorough enough.
Summary of the invention
The object of the invention is to provide a method and system for preventing ssh from being cracked, so as to solve the problem that the current ssh protection of servers is not thorough and potential safety hazards exist.
The technical scheme adopted by the invention to solve the technical problem is as follows. A method for preventing ssh from being cracked specifically comprises the following steps:
an ssh honeypot system records IPs into a blacklist;
all passwords tried by such an IP are verified and it is judged whether any is consistent with the password of the local machine; if one is consistent, the password is changed at once.
Further, adding an IP to the blacklist specifically comprises: when the same IP address is received continuously inputting a wrong password multiple times, the IP is added to the blacklist.
Further, the configuration of a firewall is included, the specific steps of which comprise: limiting each IP to initiating only 10 new connections to port 22 within 60 seconds; if the limit is exceeded, logging and dropping the data packets, so as to prevent CC and syn flood from genuine (non-spoofed) IPs.
Further, the ssh honeypot system also needs to be configured, which specifically comprises the following steps: defining a class that processes ssh requests; opening port 2222 for listening.
Further, the class that processes ssh requests specifically comprises: saving the IP address and password into the attacker dictionary database.
A system for preventing ssh from being cracked comprises: an ssh honeypot system, for storing the IP addresses and passwords of attackers; and
a verification module, for verifying whether the stored passwords and the real password of the local machine are identical, and producing a verification result; and
an execution module, for receiving the verification result sent by the verification module and taking the corresponding action according to the verification result.
Further, a firewall module is also included, which limits each IP to initiating only 10 new connections to port 22 within 60 seconds, for preventing CC and syn flood from genuine IPs.
Further, the corresponding action taken by the execution module comprises changing the local machine's password or taking no action.
What the above summary provides is only a statement of embodiments of the present invention, not the invention itself. The effects given in the summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical schemes has the following advantages or beneficial effects:
a technical scheme of the present invention can, without changing the existing ssh service, add one layer of ssh honeypot system to lead the hacker into the honeypot, record the hacker's password dictionary and IP address, judge according to changes in the hacker's dictionary, and update the local machine's password in time, making the system more complete.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method of the embodiment of the present invention;
Fig. 2 is a schematic diagram of the connections of the system modules of the embodiment of the present invention.
Embodiments
In order to clearly explain the technical characteristics of this scheme, the present invention is described in detail below through embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for realizing different structures of the present invention. To simplify the disclosure, the parts and settings of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for the purposes of simplicity and clarity and does not in itself indicate a relation between the various embodiments and/or settings discussed. It should be noted that the parts illustrated in the accompanying drawings are not necessarily drawn to scale. Descriptions of known components, processing techniques and processes are omitted to avoid unnecessarily limiting the present invention.
For a clearer understanding of this scheme, the prior art is described below:
Prior art one:
Forbid root user access; change the default port 22.
Shortcomings of prior art one: forbidding root user access: hackers use username dictionaries, and brute-force cracking often uses the passwords of other users, so protection is not thorough enough. Changing the default port 22: hackers can use scanning attacks such as nmap and easily scan out the real port of the server, so it has almost no effect.
Prior art two:
Use the denyhosts process to limit ssh sniffing. Specifically: search the failed-login records in the ssh authorization log /var/log/auth.log, treat ip addresses with multiple login failures (the number can be customized) as hacker ip addresses, and write them into /etc/hosts.deny, so that the ip of such a hacker can no longer connect to this server.
Shortcomings of prior art two: when the hacker finds that the server cannot be connected to, he can switch to another ip address and continue the brute-force attack; the protection has a certain effect, but is not thorough enough.
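The denyhosts-style check of prior art two, as an added example that is not code from the patent or from the denyhosts project: it parses sshd "Failed password" lines from an auth.log, counts failures per source ip, and emits /etc/hosts.deny entries for ips at or above a customizable threshold. The log lines are constructed sample data and the function names are assumed.

```python
import re
from collections import Counter

# Constructed sample of OpenSSH auth.log lines; only "Failed password" lines count.
SAMPLE_AUTH_LOG = """\
Sep 28 10:01:02 srv sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 28 10:01:05 srv sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 28 10:01:09 srv sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Sep 28 10:02:11 srv sshd[2210]: Failed password for alice from 198.51.100.4 port 40111 ssh2
Sep 28 10:02:40 srv sshd[2212]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
Sep 28 10:03:00 srv sshd[2215]: Invalid user test from 203.0.113.7 port 51044
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return {ip: number of failed password attempts}; other lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def hosts_deny_entries(log_text, threshold=3):
    """IPs with at least `threshold` failures (the customizable number the patent mentions)
    become "sshd: <ip>" lines for /etc/hosts.deny. Counting is per source ip, which is
    exactly the shortcoming the patent notes: a hacker who switches ip starts from zero."""
    counts = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]


def merge_into_hosts_deny(existing_text, new_entries):
    """Append only entries not already present so repeated runs never duplicate lines.
    Returns the new file text and the list of entries actually added."""
    present = {line.strip() for line in existing_text.splitlines()
               if line.strip() and not line.startswith("#")}
    added = [entry for entry in new_entries if entry not in present]
    text = existing_text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(entry + "\n" for entry in added), added
```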
In order to solve the problems existing in the prior art, the invention provides a method for preventing ssh from being cracked which, as shown in Fig. 1, specifically comprises the following steps:
step 1) an ssh honeypot system records IPs into a blacklist;
step 2) all passwords tried by such an IP are verified and it is judged whether any is consistent with the password of the local machine;
step 3) if one is consistent, the password is changed at once.
In the operation of step 1), adding an IP to the blacklist specifically comprises: when the same IP address is received continuously inputting a wrong password multiple times, the IP is added to the blacklist.
The method for preventing ssh from being cracked also comprises the configuration of a firewall, the specific steps of which comprise: limiting each IP to initiating only 10 new connections to port 22 within 60 seconds; if the limit is exceeded, logging and dropping the data packets, so as to prevent CC and syn flood from non-spoofed IPs.
The ssh honeypot system also needs to be configured, which specifically comprises the following steps:
defining a class that processes ssh requests;
opening port 2222 for listening.
The class that processes ssh requests specifically comprises: saving the IP address and password into the attacker dictionary database.
As shown in Fig. 2, a system for preventing ssh from being cracked comprises: an ssh honeypot system, for storing the IP addresses and passwords of attackers; and a verification module, for verifying whether the stored passwords and the real password of the local machine are identical, and producing a verification result; and an execution module, for receiving the verification result sent by the verification module and taking the corresponding action according to the verification result.
A firewall module is also included, which limits each IP to initiating only 10 new connections to port 22 within 60 seconds, for preventing CC and syn flood from genuine IPs.
The corresponding action taken by the execution module comprises changing the local machine's password or taking no action. When a password identical to the local machine's password is verified, the local machine's password is changed at once; if none is detected, no action is taken.
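A minimal model of the honeypot, verification and execution modules of Fig. 2 and of steps 1) to 3), as an added example that is not the patent's own code (the patent gives no implementation): the honeypot class records every (ip, password) attempt into the attacker dictionary and blacklists an IP after MAX_WRONG consecutive wrong passwords, the verification module compares the recorded passwords against a salted hash of the local machine's password rather than the plaintext, and the execution module rotates the password on a match. All class, function and constant names, the MAX_WRONG value and the sample IPs and passwords are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from collections import defaultdict

MAX_WRONG = 3  # consecutive wrong passwords from one IP before it is blacklisted (assumed value)

class HoneypotHandler:
    """Class that processes ssh requests on the honeypot port (2222 in the patent): every
    password attempt is stored in the attacker dictionary, counted, and rejected."""
    def __init__(self):
        self.dictionary = defaultdict(list)  # attacker dictionary database: ip -> passwords tried
        self.wrong = defaultdict(int)
        self.blacklist = set()

    def on_password_auth(self, ip, username, password):
        self.dictionary[ip].append(password)
        self.wrong[ip] += 1
        if self.wrong[ip] >= MAX_WRONG:
            self.blacklist.add(ip)
        return False  # the honeypot never grants access

class VerificationModule:
    """Checks recorded passwords against the machine's real password, which is kept
    only as a salted PBKDF2 hash so the verifier never holds the plaintext."""
    def __init__(self, real_password):
        self.set_password(real_password)

    def set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 50_000)

    def verify(self, candidates):
        # constant-time comparison of each candidate's hash against the stored digest
        return any(hmac.compare_digest(self._hash(c), self.digest) for c in set(candidates))

class ExecutionModule:
    """Acts on the verification result: change the local password or do nothing."""
    def __init__(self, verifier, rotate_hook):
        self.verifier, self.rotate_hook = verifier, rotate_hook

    def handle(self, hit):
        if not hit:
            return "no-op"
        new_password = secrets.token_urlsafe(24)
        self.rotate_hook(new_password)            # on a real host: hand to chpasswd and audit-log it
        self.verifier.set_password(new_password)  # later cycles compare against the new password
        return "changed"

def run_cycle(honeypot, verifier, executor):
    """Steps 1) to 3): for every blacklisted IP, verify its recorded passwords against
    the local password and let the execution module act on the result."""
    return {ip: executor.handle(verifier.verify(honeypot.dictionary[ip]))
            for ip in sorted(honeypot.blacklist)}

def demo():
    """Constructed sample: 10.0.0.5 makes four guesses, one of them the real password;
    10.0.0.9 stops after two guesses and never reaches the blacklist."""
    rotated = []
    honeypot = HoneypotHandler()
    verifier = VerificationModule("Winter2017!")  # constructed local password
    executor = ExecutionModule(verifier, rotated.append)
    for guess in ["123456", "admin", "Winter2017!", "root"]:
        honeypot.on_password_auth("10.0.0.5", "root", guess)
    for guess in ["password", "toor"]:
        honeypot.on_password_auth("10.0.0.9", "root", guess)
    first = run_cycle(honeypot, verifier, executor)   # hit: the password is rotated
    second = run_cycle(honeypot, verifier, executor)  # the new password is not in the dictionary
    return first, second, rotated
```

Rotating the real password from a daemon is the sensitive part: in practice the rotate hook must store the new secret somewhere operators can retrieve it, or the defence locks out the administrators as well.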
The above is only the preferred embodiment of the present invention. For those skilled in the art, some improvements and modifications can also be made without departing from the principles of the invention, and these improvements and modifications are also regarded as within the protection scope of the present invention.
Claims (8)
1. A method for preventing ssh from being cracked, characterized in that it specifically comprises the following steps:
an ssh honeypot system records IPs into a blacklist;
all passwords tried by such an IP are verified and it is judged whether any is consistent with the password of the local machine; if one is consistent, the password is changed at once.
2. The method according to claim 1, characterized in that adding an IP to the blacklist specifically comprises: when the same IP address is received continuously inputting a wrong password multiple times, the IP is added to the blacklist.
3. The method according to claim 1, characterized in that it comprises the configuration of a firewall, the specific steps of which comprise: limiting each IP to initiating only 10 new connections to port 22 within 60 seconds; if the limit is exceeded, logging and dropping the data packets, so as to prevent CC and syn flood from genuine IPs.
4. The method according to claim 1, characterized in that the ssh honeypot system also needs to be configured, which specifically comprises the following steps: defining a class that processes ssh requests;
opening port 2222 for listening.
5. The method according to claim 4, characterized in that the class that processes ssh requests specifically comprises: saving the IP address and password into the attacker dictionary database.
6. A system for preventing ssh from being cracked, using the method of any one of claims 1 to 5, characterized in that it comprises an ssh honeypot system, for storing the IP addresses and passwords of attackers; and
a verification module, for verifying whether the stored passwords and the real password of the local machine are identical, and producing a verification result; and
an execution module, for receiving the verification result sent by the verification module and taking the corresponding action according to the verification result.
7. The system according to claim 6, characterized in that it further comprises a firewall module which limits each IP to initiating only 10 new connections to port 22 within 60 seconds, for preventing CC and syn flood from genuine IPs.
8. The system according to claim 6, characterized in that the corresponding action taken by the execution module comprises changing the local machine's password or taking no action.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710898701.5A CN107707542A (en) | 2017-09-28 | 2017-09-28 | A kind of method and system for preventing that ssh from cracking |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107707542A true CN107707542A (en) | 2018-02-16 |
Family ID: 61175313
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103139184A (en) * | 2011-12-02 | 2013-06-05 | 中国电信股份有限公司 | Intelligent network firewall device and network attack protection method |
US20150040192A1 (en) * | 2013-07-31 | 2015-02-05 | Michael Christopher Kobold | Graduated access multi-password authentication |
CN104639536A (en) * | 2015-01-05 | 2015-05-20 | 浪潮(北京)电子信息产业有限公司 | Method and system for preventing network attack |
CN104811447A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Security detection method and system based on attack association |
CN105376210A (en) * | 2014-12-08 | 2016-03-02 | 哈尔滨安天科技股份有限公司 | Account threat identification and defense method and system |
CN106686014A (en) * | 2017-03-14 | 2017-05-17 | 北京深思数盾科技股份有限公司 | Prevention method and prevention device of cyber attacks |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965264A (en) * | 2018-06-26 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of method and system of quick detection corporate intranet equipment SSH weak passwurd |
CN109815689A (en) * | 2018-12-28 | 2019-05-28 | 北京奇安信科技有限公司 | A kind of website cipher safety guard method and device |
CN110557405A (en) * | 2019-09-30 | 2019-12-10 | 河海大学 | High-interaction SSH honeypot implementation method |
CN110557405B (en) * | 2019-09-30 | 2021-09-17 | 河海大学 | High-interaction SSH honeypot implementation method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20180216 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |