Open Source and information security mailing list archives
 
Date: Tue Feb 21 18:06:46 2006
From: piercede at pdx.edu (Dean Pierce)
Subject: Compromised host list - some clarification...

If you need to protect your ssh from scanners, wouldn't it prolly just
be best to block people that are actually scanning you?  I use the
denyhosts script (watches logs for failed login attempts, and blocks IPs
based on that), and there are a couple other good ones.  The two main
problems with your solution are...

1. how can you trust some magical offsite list so much that you are
willing to block traffic based on what it says?

2. how can you believe that such a list would ever be complete, or even
thorough?  New machines get taken over all the time, and my guess is that
the average lifespan of such machines is about a week or so before an
admin sees what's going on.

   - DEAN

James Lay wrote:
> So ok.....I'm completely positive I didn't make myself clear at all in
> my previous message...go me!  Here's a web site that I did manage to
> find that has a current list of open proxies:
> 
> http://www.samair.ru/proxy/index.htm
> 
> My hope is that I could find a site that has a list of currently
> reported open proxies, scanners, and ssh brute force boxes.  The RBLs
> pretty much have smtp covered.  I would run a cron job at midnight, wget
> and grep the file, then create an iptables table to block those hosts.
> This is an attempt to be more proactive than reactive...if I knew those
> hosts that were actively doing naughty things, why not block them at
> the get go?
> 
> Does this make sense?  Am I barking up the wrong tree?  Thanks all =)
> 
> James
> 
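
The log-watching approach described in the message above (count failed sshd logins per source address and act on addresses that cross a threshold), as an added example that is not part of the original post and is not DenyHosts' own code. The log line format, the threshold, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name in a failure line is chosen by the remote client, so the source
# address is read only from the fixed tail of the line, never from the middle.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+(?: ssh2)?$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Feb 21 17:58:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 4000 ssh2
Feb 21 17:58:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Feb 21 17:58:05 host sshd[2102]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 4002 ssh2
Feb 21 17:59:10 host sshd[2110]: Failed password for alice from 198.51.100.7 port 5000 ssh2
Feb 21 17:59:20 host sshd[2111]: Accepted password for alice from 198.51.100.7 port 5001 ssh2
Feb 21 18:00:00 host sshd[2120]: Failed password for root from 192.0.2.10 port 6000 ssh2
Feb 21 18:00:02 host sshd[2120]: Failed password for root from 192.0.2.10 port 6001 ssh2
Feb 21 18:00:04 host sshd[2120]: Failed password for root from 192.0.2.10 port 6002 ssh2
""".splitlines()


def offenders(lines, threshold=3, allow=()):
    """Return the source addresses with at least `threshold` failed logins."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # a hostname or garbage where an address was expected
        if addr not in allowed:  # never list the admin's own addresses
            counts[addr] += 1
    return sorted(str(a) for a, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Print candidate rules for review instead of applying them directly.
    for ip in offenders(SAMPLE_LOG, allow=["198.51.100.7"]):
        print(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
```

The third sample line carries a user name that itself contains "from 192.0.2.99 port 1 ssh2"; because the pattern is anchored at the end of the line, that embedded address is never counted.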

