OpenBSD Journal

Slow Brute Force Attacks On SSH

Contributed by jcr from the port-knocking-on-heaven's-door dept.

Allan Jude, Kris Moore, and TJ of BSD Now have released Episode 007 where they throw James Bond down one of the internal shafts of the Death Star. Hopefully they won't start releasing prequels, but in this episode they also talk about the work of Peter N. M. Hansteen (pitrh@) using pf(4) to thwart slow, "low intensity," brute force attacks on sshd(8).

Peter gave a talk (with video) on "The Hail Mary Cloud" brute force attacks at BSDCan 2013. He also gave a tutorial on pf(4) at EuroBSDCon 2013, and recently posted a summary of Lessons Learned from The Hail Mary Cloud on his blog. The blog post has a lot of great links to previous articles on slow brute force attacks on sshd(8) along with example datasets and logs.


  1. By Allan Jude

    We're also working on getting Peter on to the show for a proper interview, he has already agreed, it is just a matter of finding time in his schedule.

