
Full Disclosure mailing list archives

Re: targetted SSH bruteforce attacks
From: Sebastian Rother <sebastian.rother () jpberlin de>
Date: Fri, 18 Jun 2010 02:31:08 +0200

On Thu, 17 Jun 2010 16:56:41 -0500
"Mr. MailingLists" <mailinglists () soul-dev com> wrote:

> Hello Gary/List!
>
> On 6/17/2010 6:48 AM, Gary Baribault wrote:
>> Hello list,
>>
>>     I have a strange situation and would like information from the
>> list members. I have three Linux boxes exposed to the Internet. Two of
>> them are on cable modems, and both have two services that are publicly
>> available. In both cases, I have SSH and named running and available
>> to the public. Before you folks say it, yes I run SSH on TCP/22 and no
>> I don't want to move it to another port, and no I don't want to
>> restrict it to certain source IPs.

Ok I strongly dislike this non-working blafoobiztalk.
Are you all gayhats like FX who works for whoever pays most?


Guys SSH attacks.. hey this ain't the 80's.
OpenBSD PF is always HANDY for LIMITING A CONNECTION/PER_AMOUNT_OF_TIME
and thus automatically blocking such crap after 4 trials or so!

I am deeply disappointed imho: What is this list... a mailinglist of
whiners? YOU EXPOSED X LINUX HOSTS... OK! (LINUX won't matter, could be
MS "remote desktop" or whatever) Linux is deeply fucked up (well CISCO
looked for an OS as fucked up as IOS.. thus LINUX... CISCO ASA greets
you...) and OpenBSD ain't PERFECT either (hello Henning and Theo.. hello
TCP/IP Stack or recent PF changes..). But OpenBSD's "PF" could limit the
attacks you describe pretty nicely (and here I have to thank Henning
and others for their free time imho, what you made is imho working at
least).

So what is risky about SSH-Attacks? I have multiple installations of
self-defending oBSD frontend-firewalls working for big customers
against such shit. It ain't even about SSH, say telnet (hello CISCO
folks who deeply love Helith imho somehow *http logs*... what about a
real own SSH and not forwarding your customers to an OpenSSH
mailinglist... dipshits.. or what about making a donation to openBSD
you fucktards? Hiring FX won't make a change...)  or SMTP or POP3 or
whatever protocol needs an authentication.

And Hell I have not even thanked Theo or others for making it ALL
(together) possible (of course there is some salt in every soup..). No
matter if they like me or not..  but sometimes their ideas are alright
(even the code quality lags behind in some parts..).

You are looking for an EASY WAY to collect Bots? OpenBSD PF with some
"ideas" from you is your friend. So I await to see your donation to the
OpenBSD project...

If you make all the entries get entered into the spamd-list, spamd can
even distribute your "lists of bots" to other hosts... just as a hint
(and as criticism that some people have to abuse spamd for this..).
At least I abuse spamd like this sometimes. ;-D



Kind regards,
rmb

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

