CN107707542A - A method and system for preventing SSH cracking - Google Patents

A method and system for preventing SSH cracking

Info

Publication number: CN107707542A
Application number: CN201710898701.5A
Authority: CN (China)
Prior art keywords: ssh, password, preventing, verified, cracking
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 吕重霖
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd
Priority date: 2017-09-28
Filing date: 2017-09-28
Publication date: 2018-02-16

Classifications

    • H04L63/00 Network architectures or network communication protocols for network security (H04 Electric communication technique; H04L Transmission of digital information)
    • H04L63/205 Managing network security; network security policies in general, involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/083 Authentication of entities using passwords
    • H04L63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L63/101 Access control lists [ACL]
    • H04L63/1458 Denial of Service
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Hardware Design
  • Computing Systems
  • General Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Power Engineering
  • Storage Device Security

Abstract

A method for preventing SSH cracking specifically includes the following steps: an SSH honeypot system records an IP in a blacklist; all passwords tried by that IP are verified and compared with the password of the local machine; if one is consistent with it, the password is changed at once. A system for preventing SSH cracking is also included. Without changing the existing SSH service, adding a layer of SSH honeypot system leads the hacker into the honeypot, records the hacker's password dictionary and IP address, makes a judgment according to changes in the hacker's dictionary, and updates the local machine's password in time, making the system more robust.

Description

A method and system for preventing SSH cracking
Technical field
The present invention relates to the technical field of computer security defense, and specifically to a method and system for preventing SSH cracking.
Background technology
As one of the most commonly used remote services of Linux (Unix) operating systems, ssh has always been a target of brute-force cracking. There are many SSH brute-force tools used by hackers; a very well-known one is hydra (see the repository on GitHub: https://github.com/vanhauser-thc/thc-hydra), and many leaked dictionaries are available online. In theory, as long as the dictionary is large enough, any ssh service without protection can be cracked one day. SSH brute-force attacks are simple and effective, and they pose a great security risk to servers, particularly servers with weak passwords.
At present, the measures in use are not thorough. A hacker uses a username dictionary, and brute force is often aimed at the passwords of other users, so the protection is not thorough enough. Changing the default port 22: the hacker can use scanners such as nmap to find the server's real port easily, so this has almost no effect. Alternatively, when the hacker finds that the server can no longer be connected to, they switch to another IP address and continue the brute-force attack; such protection has a certain effect, but it is not thorough enough.
Summary of the invention
The object of the invention is to provide a method and system for preventing SSH cracking, to solve the problem that the SSH protection of current servers is not thorough and security risks remain.
The technical solution adopted by the invention to solve the technical problem is as follows. A method for preventing SSH cracking specifically includes the following steps:
The SSH honeypot system records the IP in a blacklist;
All passwords tried by that IP are verified and compared with the password of the local machine; if one is consistent with it, the password is changed at once.
Further, adding an IP to the blacklist specifically includes: after the same IP address is observed entering a wrong password several times in succession, that IP is added to the blacklist.
Further, the method includes configuration of a firewall, whose specific steps include: limiting each IP to at most 10 new connections to port 22 within 60 seconds; if the limit is exceeded, the packets are logged and dropped, which prevents CC attacks and SYN floods from genuine (non-spoofed) IPs.
Further, the SSH honeypot system also needs to be configured, which specifically includes the following steps: defining a class that handles SSH requests;
opening port 2222 for listening.
Further, defining the class that handles SSH requests specifically includes: saving the IP address and password into the attacker dictionary database.
A system for preventing SSH cracking includes an SSH honeypot system, for storing the attacker's IP address and password; and
a verification module, for verifying whether the stored password is identical to the real password of the local machine, and producing a verification result; and
an execution module, for receiving the verification result sent by the verification module and performing the corresponding operation according to the verification result.
Further, the system also includes a firewall module, limiting each IP to at most 10 new connections to port 22 within 60 seconds, for preventing CC attacks and SYN floods from genuine IPs.
Further, the corresponding operation performed by the execution module includes changing the local machine's password or performing no operation.
What the above summary provides is only a statement of embodiments of the present invention, not the invention itself.
The effects given in the summary are only the effects of the embodiments, not all the effects of the invention. One technical solution among those above has the following advantages or beneficial effects:
In one technical solution of the present invention, without changing the existing SSH service, a layer of SSH honeypot system is added so that the hacker is led into the honeypot system; the hacker's password dictionary and IP address are recorded, a judgment is made according to changes in the hacker's dictionary, and the local machine's password is updated in time, making the system more robust.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the method of an embodiment of the present invention;
Fig. 2 is a schematic diagram of the system module connections of an embodiment of the present invention.
Embodiment
In order to explain the technical features of this solution clearly, the invention is described in detail below by means of embodiments, in combination with the accompanying drawings. The following disclosure provides many different embodiments or examples for realizing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the invention.
For a clearer understanding of this solution, the prior art is described below:
Prior art one:
Forbid root user access; change the default port 22.
Shortcomings of prior art one: forbidding root user access: the hacker uses a username dictionary, and brute force is often aimed at the passwords of other users, so the protection is not thorough enough. Changing the default port 22: the hacker can use scanners such as nmap to find the server's real port easily, so this has almost no effect.
Prior art two:
Use the denyhosts process to restrict SSH sniffing. Specifically: search the SSH authentication log /var/log/auth.log for failed login records, treat IP addresses with multiple login failures (the number can be customized) as hacker IP addresses, and write them into /etc/hosts.deny, so that those hacker IPs can no longer connect to this server.
Shortcomings of prior art two: when the hacker finds that the server can no longer be connected to, they can switch to another IP address and continue the brute-force attack; this protection has a certain effect but is not thorough enough.
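As an added illustration of the prior-art-two mechanism (example code written for this page, not the patent's own code and not denyhosts itself): it parses sshd failure lines in the /var/log/auth.log format, counts failures per source IP, and renders /etc/hosts.deny entries for the IPs at or above a customizable threshold. The sample log lines are constructed, and the default threshold of 3 is this example's assumption.

```python
import re
from collections import Counter

# Constructed sample in the /var/log/auth.log format written by sshd
# (made-up entries for this example; not taken from the patent).
SAMPLE_AUTH_LOG = """\
Sep 28 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Sep 28 10:01:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Sep 28 10:01:09 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2
Sep 28 10:02:00 host sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
Sep 28 10:02:31 host sshd[1212]: Failed password for bob from 198.51.100.4 port 40010 ssh2
"""

# sshd logs "Failed password for <user>" or "... for invalid user <user>";
# the source address follows "from".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def count_failures(log_text):
    """Count 'Failed password' records per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def hosts_deny_entries(log_text, threshold=3):
    """IPs with at least `threshold` failures, rendered as /etc/hosts.deny lines
    in the 'daemon_list : client_list' syntax that TCP wrappers read."""
    counts = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]


if __name__ == "__main__":
    for entry in hosts_deny_entries(SAMPLE_AUTH_LOG):
        print(entry)
```

One check a practitioner would make before relying on this: /etc/hosts.deny only takes effect if sshd was built with TCP wrappers (libwrap) support, which portable OpenSSH dropped in version 6.7, so on newer builds the same list has to be enforced by the firewall or by sshd's own configuration instead.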
To solve the problems existing in the prior art, the invention provides a method for preventing SSH cracking which, as shown in Fig. 1, specifically includes the following steps:
Step 1) the SSH honeypot system records the IP in a blacklist;
Step 2) all passwords tried by that IP are verified, and it is judged whether any is consistent with the password of the local machine;
Step 3) if one is consistent, the password is changed at once.
In the operation of step 1), adding an IP to the blacklist specifically includes: after the same IP address is observed entering a wrong password several times in succession, that IP is added to the blacklist.
The method for preventing SSH cracking also includes configuration of a firewall, whose specific steps include: limiting each IP to at most 10 new connections to port 22 within 60 seconds; if the limit is exceeded, the packets are logged and dropped, which prevents CC attacks and SYN floods from non-spoofed IPs.
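To make the firewall step concrete, here is an added example (written for this page, not taken from the patent) that models the limit of 10 new connections per source IP per 60 seconds as a sliding window and returns the accept or drop verdict the firewall would give for each new connection. The event list is constructed, and the remark that this corresponds to the netfilter `recent` match with `--seconds 60 --hitcount 11` is this example's assumption, not something the patent states.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # window stated in the patent: 60 seconds
MAX_NEW_CONNECTIONS = 10   # at most 10 new connections per source IP per window
SSH_PORT = 22


class ConnectionLimiter:
    """Per-source-IP sliding window over new-connection timestamps.

    Models the firewall behaviour described in the patent: within any 60-second
    window the first 10 new connections from one IP to port 22 are accepted and
    every further one is logged and dropped. Every attempt is counted, accepted
    or not, so a source that keeps hammering stays limited until it backs off
    for a full window (the same behaviour as the usual netfilter 'recent'
    recipe with --seconds 60 --hitcount 11; that mapping is an assumption here).
    """

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_NEW_CONNECTIONS):
        self.window = window
        self.limit = limit
        self.seen = defaultdict(deque)   # ip -> timestamps of new connections
        self.log = []                    # (time, ip) of dropped connections

    def new_connection(self, ip, now, dport=SSH_PORT):
        """Return 'ACCEPT' or 'DROP' for a new connection from ip at time now."""
        if dport != SSH_PORT:
            return "ACCEPT"              # the rule only covers port 22
        q = self.seen[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                  # expire entries outside the window
        q.append(now)
        if len(q) > self.limit:
            self.log.append((now, ip))   # "log and drop"
            return "DROP"
        return "ACCEPT"


def simulate(events):
    """Feed (time, ip, dport) events through a fresh limiter; return verdicts and the drop log."""
    limiter = ConnectionLimiter()
    verdicts = [limiter.new_connection(ip, t, dport) for t, ip, dport in events]
    return verdicts, limiter.log


# Constructed scenario: one source opens 12 connections in 12 seconds, comes
# back inside the window, then again after it; a second source stays under the limit.
SAMPLE_EVENTS = [(t, "203.0.113.7", 22) for t in range(12)] + [
    (61, "203.0.113.7", 22),    # t=0 and t=1 have expired, 11 hits still in window: dropped
    (70, "198.51.100.4", 22),   # a different, quiet source
    (71, "198.51.100.4", 80),   # not SSH, not covered by the rule
    (72, "203.0.113.7", 22),    # everything before t=12 has expired: accepted again
]

if __name__ == "__main__":
    verdicts, dropped = simulate(SAMPLE_EVENTS)
    for (t, ip, port), v in zip(SAMPLE_EVENTS, verdicts):
        print(f"t={t:3d} {ip}:{port} -> {v}")
```

The rule is keyed on source address, so a source that rotates IPs stays under the limit; that is exactly the gap the patent's own prior-art discussion points out, and the honeypot plus password check is what the method relies on for that case.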
The SSH honeypot system also needs to be configured, which specifically includes the following steps:
defining a class that handles SSH requests;
opening port 2222 for listening.
Defining the class that handles SSH requests specifically includes: saving the IP address and password into the attacker dictionary database.
As shown in Fig. 2, a system for preventing SSH cracking includes an SSH honeypot system, for storing the attacker's IP address and password; a verification module, for verifying whether the stored password is identical to the real password of the local machine and producing a verification result; and an execution module, for receiving the verification result sent by the verification module and performing the corresponding operation according to the verification result.
The system also includes a firewall module, limiting each IP to at most 10 new connections to port 22 within 60 seconds, for preventing CC attacks and SYN floods from genuine IPs.
The corresponding operation performed by the execution module includes changing the local machine's password or performing no operation. When a password identical to the local machine's password is verified, the local machine's password is changed at once; if none is detected, no operation is performed.
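The honeypot handler class, the attacker dictionary database, the verification module and the execution module described above, as an added example written for this page (not the patent's own code): the handler records every attempt and blacklists an IP after repeated wrong passwords, the verifier checks every password that IP tried against the machine's password, and the executor rotates the password on a match and does nothing otherwise. The blacklist threshold of 3, the sqlite schema, the PBKDF2 stand-in for the host's password hash, and the direct call to `handle_auth()` in place of an SSH server library's password-auth callback are all assumptions of this example.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3
import time
from collections import defaultdict

FAILURE_THRESHOLD = 3   # wrong passwords in a row before blacklisting; the patent says
                        # "several times", so the exact count is this example's assumption
HONEYPOT_PORT = 2222    # port on which the patent's honeypot listens


class AttackerDictionaryDB:
    """The attacker dictionary database: captured (ip, username, password) rows plus the blacklist."""

    def __init__(self, path=":memory:"):
        self.conn = sqlite3.connect(path)
        self.conn.execute("CREATE TABLE IF NOT EXISTS attempts (ip TEXT, username TEXT, password TEXT, ts REAL)")
        self.conn.execute("CREATE TABLE IF NOT EXISTS blacklist (ip TEXT PRIMARY KEY, ts REAL)")

    def record(self, ip, username, password):
        self.conn.execute("INSERT INTO attempts VALUES (?, ?, ?, ?)", (ip, username, password, time.time()))

    def blacklist(self, ip):
        self.conn.execute("INSERT OR IGNORE INTO blacklist VALUES (?, ?)", (ip, time.time()))

    def is_blacklisted(self, ip):
        return self.conn.execute("SELECT 1 FROM blacklist WHERE ip = ?", (ip,)).fetchone() is not None

    def passwords_for(self, ip):
        return [row[0] for row in self.conn.execute("SELECT DISTINCT password FROM attempts WHERE ip = ?", (ip,))]


class HoneypotSSHHandler:
    """The class that handles SSH requests on port 2222: records every attempt and never grants access.

    A real deployment would plug this into an SSH server library's password-auth callback
    (assumed, not stated by the patent); here handle_auth() is called directly with the
    values that callback would receive.
    """

    def __init__(self, db):
        self.db = db
        self.consecutive_failures = defaultdict(int)

    def handle_auth(self, ip, username, password):
        self.db.record(ip, username, password)          # save IP and password to the dictionary DB
        self.consecutive_failures[ip] += 1              # every honeypot attempt is a failure
        if self.consecutive_failures[ip] >= FAILURE_THRESHOLD:
            self.db.blacklist(ip)                       # step 1: record the IP in the blacklist
        return False                                    # the honeypot has no real accounts


class LocalPasswordStore:
    """Stand-in for the machine's own password: only a salted PBKDF2 hash is kept (an assumed
    format for this example; a host would compare against its own shadow hash instead)."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.digest = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def matches(self, candidate):
        return hmac.compare_digest(self.digest, self._derive(candidate))

    def rotate(self):
        """Execution-module action: replace the password with a fresh random one and return it."""
        new_password = secrets.token_urlsafe(24)
        self.salt = os.urandom(16)
        self.digest = self._derive(new_password)
        return new_password


def verify(db, store, ip):
    """Verification module (step 2): did any password this IP tried match the machine's password?"""
    return any(store.matches(p) for p in db.passwords_for(ip))


def execute(store, verified):
    """Execution module (step 3): change the password at once on a match, otherwise do nothing."""
    if verified:
        return ("changed", store.rotate())
    return ("no-op", None)


def run_pipeline(db, store, ip):
    """Run steps 1-3 of the patent's method for one IP the honeypot has seen."""
    if not db.is_blacklisted(ip):
        return ("not-blacklisted", None)
    return execute(store, verify(db, store, ip))
```

Two points a practitioner would settle before deploying this: the verifier needs only the machine's password hash, never the plaintext, which is why the store above keeps a salted hash and the captured attempts are the only plaintext in the system; and a match means an attacker has already guessed a working credential, so the rotation should be handled as an incident to investigate, not only as an automatic password change.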
The above is only the preferred embodiment of the present invention. For those skilled in the art, several improvements and modifications can be made without departing from the principles of the invention, and these improvements and modifications are also regarded as falling within the scope of protection of the invention.

Claims (8)

1. A method for preventing SSH cracking, characterized in that it specifically includes the following steps:
the SSH honeypot system records the IP in a blacklist;
all passwords tried by that IP are verified and compared with the password of the local machine; if one is consistent with it, the password is changed at once.
2. The method according to claim 1, characterized in that adding an IP to the blacklist specifically includes: after the same IP address is observed entering a wrong password several times in succession, that IP is added to the blacklist.
3. The method according to claim 1, characterized in that it includes configuration of a firewall, whose specific steps include: limiting each IP to at most 10 new connections to port 22 within 60 seconds; if the limit is exceeded, the packets are logged and dropped, to prevent CC attacks and SYN floods from genuine IPs.
4. The method according to claim 1, characterized in that the SSH honeypot system also needs to be configured, which specifically includes the following steps: defining a class that handles SSH requests;
opening port 2222 for listening.
5. The method according to claim 4, characterized in that defining the class that handles SSH requests specifically includes: saving the IP address and password into the attacker dictionary database.
6. A system for preventing SSH cracking, using the method according to any one of claims 1 to 5, characterized in that it includes an SSH honeypot system, for storing the attacker's IP address and password; and
a verification module, for verifying whether the stored password is identical to the real password of the local machine, and producing a verification result; and
an execution module, for receiving the verification result sent by the verification module and performing the corresponding operation according to the verification result.
7. The system according to claim 6, characterized in that it also includes a firewall module, limiting each IP to at most 10 new connections to port 22 within 60 seconds, for preventing CC attacks and SYN floods from genuine IPs.
8. The system according to claim 6, characterized in that the corresponding operation performed by the execution module includes changing the local machine's password or performing no operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710898701.5A CN107707542A (en) 2017-09-28 2017-09-28 A method and system for preventing SSH cracking

Publications (1)

Publication Number Publication Date
CN107707542A (en) 2018-02-16

Family

ID=61175313

Country Status (1)

Country Link
CN (1) CN107707542A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965264A (en) * 2018-06-26 2018-12-07 郑州云海信息技术有限公司 A method and system for quickly detecting weak SSH passwords on corporate intranet devices
CN109815689A (en) * 2018-12-28 2019-05-28 北京奇安信科技有限公司 A website password security protection method and device
CN110557405A (en) * 2019-09-30 2019-12-10 河海大学 High-interaction SSH honeypot implementation method
CN110557405B (en) * 2019-09-30 2021-09-17 河海大学 High-interaction SSH honeypot implementation method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
US20150040192A1 (en) * 2013-07-31 2015-02-05 Michael Christopher Kobold Graduated access multi-password authentication
CN104639536A (en) * 2015-01-05 2015-05-20 浪潮(北京)电子信息产业有限公司 Method and system for preventing network attack
CN104811447A (en) * 2015-04-21 2015-07-29 深信服网络科技(深圳)有限公司 Security detection method and system based on attack association
CN105376210A (en) * 2014-12-08 2016-03-02 哈尔滨安天科技股份有限公司 Account threat identification and defense method and system
CN106686014A (en) * 2017-03-14 2017-05-17 北京深思数盾科技股份有限公司 Prevention method and prevention device of cyber attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216