Open Source and information security mailing list archives
 
Date: Tue, 28 Nov 2006 11:08:21 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Tavis Ormandy <taviso@...too.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SSH brute force blocking tool

Tavis Ormandy wrote:
> On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:
>   
>> Incorrect, did you look at the fix? It isn't unsanitized as you state:
>>     
>
> J, you have made an attempt to fix it, but it is not sufficient.
>
> An attacker can still add arbitrary hosts to the deny list.
>
> Thanks, Tavis.
>
>   
Right... And as I stated on a different post... If an inexperienced 
admin allows that, it is on them. My attempt at making what I NEEDED and 
thought was helpful succeeded. If someone wants to nc insert arbitrary 
addresses, so be it. No different than someone spoofing random addresses 
at a firewall. What are you going to do, sift through every single 
address touching your network? Heck, for what you just claimed "An 
attacker can still add arbitrary hosts to the deny list. ... it is not 
sufficient" ... TCP/IP is not sufficient with all of its issues. Give me 
a break.

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
