Date: Fri Mar 3 17:55:47 2006
From: fd at g-0.org (GroundZero Security)
Subject: Re: reduction of brute force login attempts via SSH through iptables --hashlimit

you're pathetic ..
----- Original Message -----
From: "Dave Korn" <davek_throwaway@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, March 03, 2006 4:59 PM
Subject: [Full-disclosure] Re: reduction of brute force login attempts via SSH through iptables --hashlimit

> GroundZero Security wrote:
> > Oh well... as I said, it's a QUICK script
> > and not a PERFECT solution to the problem.
>
> The fact that you threw together this booby-trap in a few minutes does not
> get you off the hook for the fact that it is a booby trap that you were
> offering to other people. Given that the script is a deadly threat to
> anyone's security who runs it, offering it around to them just is NOT "being
> helpful" or "better than nothing". Remember, anyone who doesn't run this
> script has no problem worse than annoying noise in their log files. Your
> script solves the problem of annoying noise in the logs at the expense of
> opening a massive remote execution vulnerability. That is NOT a worthwhile
> tradeoff EVER.
>
> > I made it for personal use originally and it does its job.. so far I
> > NEVER had problems with it and usually an attacker won't know you run
> > it (I know that's not an excuse).
>
> HEY EVERYONE! SK IS RUNNING A VULNERABLE SCRIPT ON HIS BOX! LAST ONE TO
> PWN HIM IS A SUXXOR!
>
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....