lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri Mar  3 17:55:47 2006
From: fd at g-0.org (GroundZero Security)
Subject: Re: reduction of brute force login
	attemptsviaSSHthrough iptables --hashlimit

your pathetic ..

----- Original Message ----- 
From: "Dave Korn" <davek_throwaway@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, March 03, 2006 4:59 PM
Subject: [Full-disclosure] Re: reduction of brute force login attemptsviaSSHthrough iptables --hashlimit


> GroundZero Security wrote:
> > Oh well...as i said its a QUICK script
> > and not a PERFECT solution to the problem.
> 
>   The fact that you threw together this booby-trap in a few minutes does not 
> get you off the hook for the fact that it is a booby trap that you were 
> offering to other people.  Given that the script is a deadly threat to 
> anyone's security who runs it, offering it around to them just is NOT "being 
> helpful" or "better than nothing".  Remember, anyone who doesn't run this 
> script has no problem worse than annoying noise in their log files.  Your 
> script solves the problem of annoying noise in the logs at the expense of 
> opening a massive remote execution vulnerability.  That is NOT a worthwhile 
> tradeoff EVER.
> 
> >I made it for personal
> > use originally and it does its job..sofar i NEVER had problems with
> > it and usually
> > an attacker wont know you run it (i know thats not an execuse).
> 
>   HEY EVERYONE!  SK IS RUNNING A VULNERABLE SCRIPT ON HIS BOX!  LAST ONE TO 
> PWN HIM IS A SUXXOR!
> 
> 
>     cheers,
>       DaveK
> -- 
> Can't think of a witty .sigline today.... 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ