Re: Re: reduction of brute force login attemptsviaSSHthrough iptables --hashlimit

["GroundZero Security" <fd () g-0 org>]

your pathetic ..

----- Original Message ----- 
From: "Dave Korn" <davek_throwaway () hotmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, March 03, 2006 4:59 PM
Subject: [Full-disclosure] Re: reduction of brute force login attemptsviaSSHthrough iptables --hashlimit


> GroundZero Security wrote:
> > Oh well...as i said its a QUICK script
> > and not a PERFECT solution to the problem.
>
>   The fact that you threw together this booby-trap in a few minutes does not 
> get you off the hook for the fact that it is a booby trap that you were 
> offering to other people.  Given that the script is a deadly threat to 
> anyone's security who runs it, offering it around to them just is NOT "being 
> helpful" or "better than nothing".  Remember, anyone who doesn't run this 
> script has no problem worse than annoying noise in their log files.  Your 
> script solves the problem of annoying noise in the logs at the expense of 
> opening a massive remote execution vulnerability.  That is NOT a worthwhile 
> tradeoff EVER.
>
> > I made it for personal
> > use originally and it does its job..sofar i NEVER had problems with
> > it and usually
> > an attacker wont know you run it (i know thats not an execuse).
>
>   HEY EVERYONE!  SK IS RUNNING A VULNERABLE SCRIPT ON HIS BOX!  LAST ONE TO 
> PWN HIM IS A SUXXOR!
>
>
>     cheers,
>       DaveK
> -- 
> Can't think of a witty .sigline today.... 
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/