Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 01 Dec 2006 09:09:25 -0500
Raphael Marichez wrote:
you're fixing your script when someone shows a security hole, that's a good practice. But don't insult the men who mention the vulnerabilities... They are actually helping you, because you're improving your script thanks to them.
Hello... Some of you guys seriously need to do some reading and refreshing of your browsers... The script was fixed days ago.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050952.html // SNIPPED Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227 awk '($5=="Illegal"||$6=="Illegal")&&$9=="from"{print $10}'Would stop the insertion attack and only print out the tench field if fields 5, 6 and 9 match Illegal user from.
So that would pretty much minimize the attack on name insertion. If I wanted to I could also make sure that if someone came after field 10, then ignore the entire line:
Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227 ...SO let me restate. I could modify it to look at lines 5, 6, and 9 ... Take a look at the tenth column and if anything comes after that...Ignore that entire line... Should I have done so, maybe... Will I do so... Maybe...
// END SNIPAnd I fixed it the same day to avoid the insertion of moronic usernames. Read the entire thread. My critiques comes from people who only snip out what is suitable for them to read.
-- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government. John Adams
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: SSH brute force blocking tool Tonnerre Lombard (Dec 01)
- Re: SSH brute force blocking tool J. Oquendo (Dec 01)
- Re: SSH brute force blocking tool Tonnerre Lombard (Dec 01)
- Re: SSH brute force blocking tool J. Oquendo (Dec 01)
- Re: SSH brute force blocking tool Raphael Marichez (Dec 01)
- Re: SSH brute force blocking tool Raphael Marichez (Dec 01)
- Re: SSH brute force blocking tool J. Oquendo (Dec 01)
- Re: SSH brute force blocking tool Tonnerre Lombard (Dec 01)
- <Possible follow-ups>
- Re: SSH brute force blocking tool Simon Smith (Dec 05)
- Re: SSH brute force blocking tool J. Oquendo (Dec 01)