Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH brute force blocking tool

From: Tavis Ormandy <taviso () gentoo org>
Date: Tue, 28 Nov 2006 16:02:36 +0000
On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:

Incorrect did you look at the fix? It isn't unsanitized as you state:


J, you have made an attempt to fix it, but is is not sufficient.

An attacker can still add arbitrary hosts to the deny list.

Thanks, Tavis.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: