Password Brute Force Attack

by Felix Kinaro About 1 min reading time

In a password brute force attack, a hacker attempts all possible usernames and passwords to gain illegal access into a system. The process is carried out using automated software tools. The most commonly attacked service is SSH which runs on port 22 on a server. The Arch Linux wiki has an excellent tutorial on configuring SSH

One can easily identify brute force attacks in Linux. The first identifier is multiple attempts from the same IP address. I have an Ubuntu server where I have disabled SSH password log in, because I only use keys. Keys are superior over passwords since they are not vulnerable to brute force attacks.

Viewing failed login attempts on Linux

password bruteforce IPs

sudo lastb | wc -l

2048 failed attempts

sudo lastb > file.txt where file.txt is the name of the file. '>' directs the output of a command to a file.

Save info to file

You can then use the whois tool to get the details of a particular IP address if you wish. Install it using sudo apt install whois Consider using fail2ban to secure your server further.

Security should always be the first consideration whenever you deploy a product or service.

Subscribe to receive weekly articles

Your data is handled by Buttondown.