Message-ID: <456C7337.9060103@infiltrated.net>
Date: Tue, 28 Nov 2006 12:34:47 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Anders B Jansson <hdw@...listi.se>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SSH brute force blocking tool

Anders B Jansson wrote:
> Just one possibly silly question.
>
> Why are you working so hard to do this with complex scripts and stuff?
>
> I just wrote a little C snippet that runs on the firewall.
> All servers allowing external ssh send a copy of ssh auth to a port
> on the firewall.
>
> If it detects a brute force it adds the host to the block list and
> everything from that host is silently dropped.
>
> Added a whitelist function to avoid DOS attempts.
>
> Works perfect, and adds community service by letting the trawlers
> hang until they timeout.
>   
The purpose of this wasn't to reinvent the wheel. It was to allow those 
using the tool to report the addresses of anyone brute forcing ssh. 
These addresses are going to be posted for others to see. Something like 
an RBL for brute forcers.


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
