Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] SSH brute force blocking tool

from [J. Oquendo] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] SSH brute force blocking tool
Date: Tue, 28 Nov 2006 09:33:03 -0500
Thierry Zoller wrote: 
Dear All,

You are arguing over hypothesises where facts could rule. PLEASE someone
just setup the script on a test environment and present us your
results. Heck, it's not that we are discussing Metaproblems here,
these are computers.

Just install and make a PoC and enhance security for all
for the sake of it. Thanks :)


The problem with the whole thread was "well someone could do XXX" Sure they could... Anyone could... My point was someone shooting a message back to the list stating "Your program is a backdoor". It never was and it never will be. Can someone modify it on their own and make it a backdoor? Sure. Can someone inject something into the columns I was parsing, possible. Anything is possible. Since then I re-wrote arguments people were griping about:

ifaddr=`ifconfig -a|awk '/inet/ && !/inet6/ && !/127.0/ && !/192.168/{print $2}'|sed 's/addr\://g'`

function IPT {

grep -E '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}' /etc/hosts.deny|\
awk '!/#/&&/\./&&!a[$0]++
{print "iptables -A INPUT -s "$1" -i eth0 -d '$ifaddr' -p TCP --dport 22 -j REJECT"}'|\
awk '/iptables/&&!/#/&&!/-s -i/'|sh

}

The complaint was "anyone can insert $foo into the thirteenth column"... Try it instead of mouthing off about it. "Someone can possible inject tartar sauce into a sealed jar" Is it possible, sure it probably is, show me though instead of yapping off. Someone else griped, "someone can craftily insert your own address into an IP table." Look if someone is THAT stupid of an admin to not test things first, modify it to their needs, and gets themselves locked out of their own machine, they have no business on that machine. Period.





--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] SSH brute force blocking tool, Thierry Zoller
Next by Date:  Re: [Full-disclosure] SSH brute force blocking tool, Tavis Ormandy
Previous by Thread:  Re: [Full-disclosure] SSH brute force blocking tool, Thierry Zoller
Next by Thread:  Re: [Full-disclosure] SSH brute force blocking tool, Tavis Ormandy
Indexes:  [Date] [Thread] [Top] [All Lists]