[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45702506.4070300@infiltrated.net>
Date: Fri, 01 Dec 2006 07:50:14 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Tonnerre Lombard <tonnerre.lombard@...roup.ch>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SSH brute force blocking tool
Tonnerre Lombard wrote:
> Salut,
>
> On Fri, 2006-12-01 at 07:26 -0500, J. Oquendo wrote:
>
>> So again... Some of you guys need to go back and read before you post....
>>
>
> In this case, the NF wasn't in your original posting, so I could hardly
> have seen it. Still, there are problems with it, but not security
> wise...
>
>
>> awk 'NF<=10&&($6=="nvalid"||$7=="user")&&$9=="from"{print $10}'
>>
>> Once you try a moronic name insertion it makes the columns more than 10
>> rows invalidating it.
>>
>
> In that case, your script isn't going to work in most cases. For
> example, on our router we get:
>
> Dec 1 13:35:24 rtsyg01 sshd[12178]: Failed password for invalid user
> asdf from 10.1.5.166 port 51558 ssh2
>
> -> more than 10 columns.
>
>
And this is my problem how? The script was written mainly for myself and
was passed on as
something someone can use at their leisure and expense. "Your script
isn't going to work
boohoo" Is it not customizable to fit your need. I would think so all it
is doing is text processing
no brainer there.
> Also, one of our customers uses user names which consist of two parts
> which are separated by spaces. This is due to his use of Windows. The
> users are called e.g. "John Doe", so you do an ssh "John
> Doe@...vername.asdf.ch". In this case, your script fails entirely
>
Again... Re-read my previous paragraph.
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists