Message-ID: <00b501c63e15$b3714ca0$0100a8c0@nuclearwinter>
Date: Thu Mar  2 16:23:08 2006
From: fd at g-0.org (GroundZero Security)
Subject: reduction of brute force login attempts via
	SSHthrough iptables --hashlimit

Well, I don't want to destroy your happy time where you can feel superior, but
if you would read the manpage of lastb you would notice that this approach won't work at all.
lastb just shows successful logins! Not all the attempted logins... we discussed that before though,
so better pay attention next time.

Another thing is that on many systems btmp is not present and thus lastb wouldn't work even if it
would show failed logins.

NAME
       last, lastb - show listing of last logged in users

SYNOPSIS
       last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [name...]  [tty...]
       lastb [-R] [-num] [ -n num ] [ -f file ] [-adiox] [name...]  [tty...]

DESCRIPTION
       Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created.
       ....

As you can see, it only logs "logged in" users, not all those that tried. So your script is useless.



----- Original Message ----- 
From: "Gary Leons" <tastytastybeef@...glemail.com>
To: "GroundZero Security" <fd@....org>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Thursday, March 02, 2006 4:43 PM
Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit


> On 3/2/06, GroundZero Security <fd@....org> wrote:
> >
> > After all it works. There are always more ways to do it, but if it's -A1 or
> > -1 really doesn't matter at all, it's just you have to be pedantic over it I guess.
> > Yep, I'm not a bash guru maybe, but I really don't care much for optimization
> > on a lame script like this as long as it WORKS and is not insecure.
>
>            ^^^^^^^^^^^^^^^
> HAH.
>
> >
> > If you really think it sucks sooo much that you can't take it, then before you reply to this mail now,
> > go and optimize it and send your version to FD then you can be happy and feel superior :-)
> >
> > -sk
>
> #!/bin/sh
> for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
> awk '{if ($1 >= 7) print $2}'`; do
>     if ! grep -qFx "sshd: ${i}" /etc/hosts.deny; then
>         printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny
>     fi
> done
>
> 5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
> it from cron.
>
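
The thread argues over whether lastb is a usable source for failed logins. As an added example, not code from either poster, here is the same per-host counting done over sshd auth-log lines instead; it assumes OpenSSH's "Failed password for ... from ADDR port N" message format, and the function names and sample lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSH's log message
# "Failed password for [invalid user] NAME from ADDR port N ssh2".
# Function names and sample data are constructed for illustration.

# failed_sources MIN: read auth-log lines on stdin and print every source
# address that has at least MIN failed password attempts.
failed_sources() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end: the real address follows the LAST "from",
            # so a user name containing " from 1.2.3.4" cannot frame a host.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") {
                    if ($i ~ /^[0-9A-Fa-f:.]+$/) count[$i]++
                    break
                }
        }
        END { for (a in count) if (count[a] >= min) print a }
    ' | sort
}

# deny_entries FILE: read addresses on stdin and print an "sshd: ADDR" line
# for each one not already in FILE. -F -x = literal, whole-line match, so
# 192.0.2.10 is not mistaken for 192.0.2.100.
deny_entries() {
    while read -r addr; do
        grep -qFx "sshd: $addr" "$1" 2>/dev/null || printf 'sshd: %s\n' "$addr"
    done
}

# Constructed sample log (documentation addresses only).
sample_log() {
    cat <<'EOF'
Mar  2 16:01:01 host sshd[100]: Failed password for root from 192.0.2.10 port 4001 ssh2
Mar  2 16:01:03 host sshd[101]: Failed password for invalid user bob from 192.0.2.10 port 4002 ssh2
Mar  2 16:01:05 host sshd[102]: Failed password for invalid user a from 203.0.113.9 port 1 from 192.0.2.10 port 4003 ssh2
Mar  2 16:01:07 host sshd[103]: Failed password for root from 198.51.100.7 port 5001 ssh2
Mar  2 16:01:09 host sshd[104]: Failed password for root from 198.51.100.7 port 5002 ssh2
Mar  2 16:02:00 host sshd[105]: Accepted password for alice from 198.51.100.7 port 5003 ssh2
EOF
}

# Demo: threshold 3, nothing denied yet (read-only; prints, never writes).
sample_log | failed_sources 3 | deny_entries /dev/null
```

The third sample line carries a user name with an embedded "from 203.0.113.9"; the attempt is still attributed to the connecting address, and the output is only printed so it can be reviewed before anything is appended to hosts.deny.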
