Message-Id: <20100618023108.56ab365a.sebastian.rother@jpberlin.de>
Date: Fri, 18 Jun 2010 02:31:08 +0200
From: Sebastian Rother <sebastian.rother@...erlin.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks

On Thu, 17 Jun 2010 16:56:41 -0500
"Mr. MailingLists" <mailinglists@...l-dev.com> wrote:

> Hello Gary/List!
> 
> On 6/17/2010 6:48 AM, Gary Baribault wrote:
> > Hello list,
> > 
> >     I have a strange situation and would like information from the
> > list members. I have three Linux boxes exposed to the Internet. Two of
> > them are on cable modems, and both have two services that are publicly
> > available. In both cases, I have SSH and named running and available
> > to the public. Before you folks say it, yes I run SSH on TCP/22 and no
> > I don't want to move it to another port, and no I don't want to
> > restrict it to certain source IPs.

Ok I strongly dislike this non-working blafoobiztalk.
Are you all gayhats like FX who works for whoever pays most?


Guys SSH attacks.. hey this ain't the 80's.
OpenBSD PF is always HANDY for LIMITING A CONNECTION/PER_AMOUNT_OF_TIME
and thus automatically blocking such crap after 4 trials or so!

I am deeply disappointed imho: What is this list... a mailinglist of
whiners? YOU EXPOSED X LINUX HOSTS... OK! (LINUX won't matter, could be
MS "remote desktop" or whatever) Linux is deeply fucked up (well CISCO
looked for an OS as fucked up as IOS.. thus LINUX... CISCO ASA greets
you...) and OpenBSD ain't PERFECT either (hello Henning and Theo.. hello
TCP/IP Stack or recent PF changes..). But OpenBSD's "PF" could limit the
attacks you describe pretty nicely (and here I have to thank Henning
and others for their free time imho, what you made is imho working at
least).

So what is risky about SSH-Attacks? I have multiple installations of
self-defending oBSD frontend-firewalls working for big customers
against such shit. It ain't even about SSH, say telnet (hello CISCO
folks who deeply love Helith imho somehow *http logs*... what about a
real own SSH and not forwarding your customers to an OpenSSH
mailinglist... dipshits.. or what about making a donation to OpenBSD
you fucktards? Hiring FX won't make a change...)  or SMTP or POP3 or
whatever protocol needs an authentication.

And Hell I have not even thanked Theo or others for making it ALL
(together) possible (of course there is some salt in every soup..). No
matter if they like me or not..  but sometimes their ideas are alright
(even the code quality lacks behind in some parts..).

You are looking for an EASY WAY to collect Bots? OpenBSD PF with some
"ideas" from you is your friend. So I await to see your donation to the
OpenBSD project...

If you make all the entries to get entered into the spamd-list spamd can
even distribute your "lists of bots" to other hosts... just as a hint
(and as critic that some people have to abuse spamd for this..).
At least I abuse spamd like this sometimes. ;-D



Kind regards,
rmb

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
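
The per-source connection limiting described in the message above, sketched as a pf.conf ruleset. This is an added example, not part of the original post or of anyone's production config; the interface name, table name and thresholds are assumptions (the message only says "after 4 trials or so"). PF counts new TCP connections per source, not failed logins, so the rate should be chosen together with sshd's MaxAuthTries.

```pf
# Added example (constructed). Assumed: interface em0, table name
# <bruteforce>, and the 4-per-60-seconds / 10-concurrent thresholds.
ext_if = "em0"

# Source addresses that exceed the limits are added here by the pass
# rule below. "persist" keeps the table even when it is empty.
table <bruteforce> persist

set skip on lo

# Default deny inbound, allow outbound.
block in all
pass out all keep state

# Anything already in the table is dropped before other rules match.
block in quick on $ext_if from <bruteforce>

# Allow SSH, tracked per source address:
#   max-src-conn 10        at most 10 simultaneous connections
#   max-src-conn-rate 4/60 at most 4 new connections per 60 seconds
#   overload <bruteforce>  a source exceeding either limit is added to the table
#   flush global           and all of its existing states are killed
pass in on $ext_if proto tcp to port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 4/60, \
     overload <bruteforce> flush global)

# Maintenance, run from the shell or cron (not part of pf.conf):
#   pfctl -t bruteforce -T show           list blocked sources
#   pfctl -t bruteforce -T expire 86400   drop entries older than 24h
```

Without the expire step the table only grows, so legitimate users who trip the limit stay blocked until an entry is removed by hand.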
