lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <456C489F.4020105@infiltrated.net>
Date: Tue, 28 Nov 2006 09:33:03 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Thierry Zoller <Thierry@...ler.lu>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: SSH brute force blocking tool

Thierry Zoller wrote:
> Dear All,
>
> You are arguing over hypothesises where facts could rule. PLEASE someone
> just setup the script on a test environment and present us your
> results. Heck, it's not that we are discussing Metaproblems here,
> these are computers.
>
> Just install and make a PoC and enhance security for all
> for the sake of it. Thanks :)
>
>
>   
The problem with the whole thread was "well someone could do XXX" Sure 
they could... Anyone could... My point was someone shooting a message 
back to the list stating "Your program is a backdoor". It never was and 
it never will be. Can someone modify it on their own and make it a 
backdoor? Sure. Can someone inject something into the columns I was 
parsing, possible. Anything is possible. Since then I re-wrote arguments 
people were griping about:

ifaddr=`ifconfig -a|awk '/inet/ && !/inet6/ && !/127.0/ && 
!/192.168/{print $2}'|sed 's/addr\://g'`

function IPT {

grep -E 
'(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}' 
/etc/hosts.deny|\
awk '!/#/&&/\./&&!a[$0]++
{print "iptables -A INPUT -s "$1" -i eth0 -d '$ifaddr' -p TCP --dport 22 
-j REJECT"}'|\
awk '/iptables/&&!/#/&&!/-s  -i/'|sh

}

The complaint was "anyone can insert $foo into the thirteenth column"... 
Try it instead of mouthing off about it. "Someone can possible inject 
tartar sauce into a sealed jar" Is it possible, sure it probably is, 
show me though instead of yapping off. Someone else griped, "someone can 
craftily insert your own address into an IP table." Look if someone is 
THAT stupid of an admin to not test things first, modify it to their 
needs, and gets themselves locked out of their own machine, they have no 
business on that machine. Period.





-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ