PaulDotCom mailing list archives
F'ing with SSH Goons
From: cybereagle at gmail.com (Matt Hillman)
Date: Tue, 9 Dec 2008 10:04:19 +0000
I remember way back in the days of telnet there was some system a friend of mine found where if you logged in as root with any password it would pretend you had logged in successfully, show you some fake directories supposedly with the sysadmins pr0n in it, and after a short number of commands should display some semi animated ascii message that said something about you being a bad boy and shitting on you with 0s. It was pretty crazy. That said, if you do let them log in with any kind of real ssh, even if you lock it down with fake shells or whatnot, you'd have to be careful you dont fall victim to some local exploit that lands them in a nicer shell. If i was gonna do anything like that I think i'd take a vm and open port 22 on that. Its still sort of asking for trouble, but breaking out of a vm is a lot more hoops to jump through, and you could do just about anything you wanted then. It could even dynamically change some firewall rules to make the whole server look like something different and amusing to a woodbe attacker. Though I guess the brute forcers are probably automated anyway. On Tue, Dec 9, 2008 at 2:49 AM, adese <adese0 at gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hej all So for fun yesterday I put ssh back on port 22 from my usual obscure port. Within 5hrs I had someone dictionary attacking my box from the UK (surprise surprise it wasn't China). Now I'm all about defense and generally not into inviting trouble, however, I was wondering if there is anything fun you can do with those types. I was thinking of creating a common user name with a blank passwd and then sending a tty message to them after they went interactive, because honestly it would make me smile a lot just to see them logoff in fright after seeing me see them. That is fun and all but does any one know of other fun stuff for screwing with these jokers? all the best /adese -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iEYEARECAAYFAkk93J8ACgkQSsV9wg1YVSIVOwCfYbEt0n7+LQUqQFpTbtIysFp0 REIAoL288FBwSm/UsHpvVDOq+aRGaFbm =iriR -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081209/304edde1/attachment.htm
Current thread:
- F'ing with SSH Goons adese (Dec 08)
- F'ing with SSH Goons Karl Schuttler (Dec 08)
- F'ing with SSH Goons Aaron Moss (Dec 08)
- Message not available
- F'ing with SSH Goons Nathan Sweaney (Dec 09)
- F'ing with SSH Goons Dimitrios Kapsalis (Dec 09)
- F'ing with SSH Goons Strzelec, Wally (Dec 09)
- F'ing with SSH Goons Tim Krabec (Dec 09)
- F'ing with SSH Goons Nathan Sweaney (Dec 09)
- F'ing with SSH Goons Karl Schuttler (Dec 08)
- F'ing with SSH Goons Aaron Moss (Dec 09)
- F'ing with SSH Goons Mad Marv (Dec 09)
- F'ing with SSH Goons Joshua Wright (Dec 09)
- F'ing with SSH Goons iamnowonmai (Dec 09)
- F'ing with SSH Goons Nils (Dec 10)
- F'ing with SSH Goons Jim Halfpenny (Dec 12)
- F'ing with SSH Goons iamnowonmai (Dec 12)
- <Possible follow-ups>
- F'ing with SSH Goons David A. Gershman (Dec 08)