| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jun 2010 02:31:08 +0200 From: Sebastian Rother <sebastian.rother@...erlin.de> To: full-disclosure@...ts.grok.org.uk Subject: Re: targetted SSH bruteforce attacks On Thu, 17 Jun 2010 16:56:41 -0500 "Mr. MailingLists" <mailinglists@...l-dev.com> wrote: > Hello Gary/List! > > On 6/17/2010 6:48 AM, Gary Baribault wrote: > > Hello list, > > > > I have a strange situation and would like information from the > > list members. I have three Linux boxes exposed to the Internet. Two of > > them are on cable modems, and both have two services that are publicly > > available. In both cases, I have SSH and named running and available > > to the public. Before you folks say it, yes I run SSH on TCP/22 and no > > I don't want to move it to another port, and no I don't want to > > restrict it to certain source IPs. Ok I strongly dislike this non-working blafoobiztalk. Are you all gayhats like FX who works for whoever pays most? Guys SSH attacks.. hey this aint the 80's. OpenBSD PF is always HANDY for LIMITING A CONNECTION/PER_AMOUNT_OF_TIME and thus automaticaly blocking such crap after 4 trials or so! I am deeply disappointed imho: What is this list... a mailinglist of whiners? YOU EXPOSED X LINUX HOSTS... OK! (LINUX wont matter, could be MS "remote desktop" or whatever) Linux is deepply fucked up (well CISCO looked for a OS as fucked up as IOS.. thus LINUX... CISCO ASA greets you...) and OpenBSD aint PERFECT either (hello Henning and Theo.. hello TCP/IP Stack or recent PF changes..). But OpenBSDs "PF" could limit the attacks you descripe pretty nicely (and here I have to thanks Henning and others for their free time imho, what you made is imho working at least). So what is risky about SSH-Attacks? I have multiple installations of self-defending oBSD frotnend-firewalls working for big customers against such shit. It aint even about SSH, say telnet (hello CISCO folks who deeply love Helith imho somehow *http logs*... what about a real own SSH and not forwarind your customers to a OpenSSH mailinglist... dipshits.. or what about making a donation to openBSD you fucktards? Hiring FX wont make a change...) or SMTP or POP3 or whatever protocol needs an authentication. And Hell I have even not thanked Theo or others for make it ALL (together) possible (of ecourse there is some salt in every soup..). No matter if they like me or not.. but sometimes their ideas are alright (even the code quality lacks behind in some parts..). You are loocking for a EASY WAY to collect Bots? OpenBSD PF with some "ideas" from you is your friend. So I await to see your donation to the OpenBSD project... If you make all the entries to get entered into the spamd-list spamd can even distribute your "lists of bots" to other hosts... just as a hint (and as critic that some people have to abuse spamd for this..). At least I abuse spamd like this sometimes. ;-D Kind regards, rmb _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists