[Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Michael L Benjamin
Hi there, Here is a simple script I've coded up that I use on 3 of my RedHat Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the amount of activity from places like China/Korea/Taiwan in relation to SSH brute force probes. I'll throw it open here for

Re: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Alejandro Barrera
Well, we appreciate your script although I would prefer to stay with my nice bruteforcing attempts than to create an insecure temporary file bug:
[EMAIL PROTECTED]:~$ cat test.sh
#!/bin/sh
SCRIPT_NAME=$(basename $0)
TMP_FILE=/tmp/${SCRIPT_NAME}.$$
touch ${TMP_FILE}
echo pwn3d > ${TMP_FILE}
exit

RE: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Michael L Benjamin
Ok, well spotted. Something for me to fix there. Here you go, add these lines to the script just after the touch:
chmod 700 ${TMP_FILE}
> ${TMP_FILE}
My apologies, that is a no-no and something I should have spotted. I originally thought about doing this with arrays in memory. I might go

Re: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Christoph Moench-Tegeder
## Michael L Benjamin ([EMAIL PROTECTED]): TMP_FILE=/tmp/${SCRIPT_NAME}.$$ Considered mktemp(1)? Regards, Christoph -- Spare Space ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and

RE: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Michael L Benjamin
It's an idea. Involves calling another process though. I think the shell has enough tools to adequately create a secure temp file if I go about it in the right way. :-) Cheers, Mike. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christoph

Re: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Christoph Moench-Tegeder
## Michael L Benjamin ([EMAIL PROTECTED]): Involves calling another process though. Not worse than using touch/chmod/chown. And much better than just hoping that everything will be alright :) I think the shell has enough tools to adequately create a secure temp file if I go about it in the

Re: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Pedro Hugo
Hi, I don't want to debate the goodness or badness of the strategy of blocking hosts like this in /etc/hosts.deny. It works perfectly for me, and most likely would for you, so no religious debates thanks. It's effective at blocking bruteforce attacks. If a host EXCEEDS a specified number of

[Full-disclosure] [SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities

2005-09-02 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 798-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 2nd, 2005

RE: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread Michael L Benjamin
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pedro Hugo Sent: Friday, 2 September 2005 05:53 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] SSH Bruteforce blocking script Hi, I don't want to debate the goodness or badness

[Full-disclosure] [SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution

2005-09-02 Thread Michael Stone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 798-1 [EMAIL PROTECTED] http://www.debian.org/security/ Michael Stone September 2, 2005

[Full-disclosure] [SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution

2005-09-02 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 800-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 2nd, 2005

[Full-disclosure] router naming

2005-09-02 Thread luca developer
Hi folks Is there a best practice for assigning a router name? e.g.: router type + city + room.id and so on Which method is usually used to assign a router name? Thanks luka.research

[Full-disclosure] fport results

2005-09-02 Thread X u r r o n
i got these results from fport, i found Messenger suspicious on port 13929 and its listening if i do telnet to it.
Pid Process Port Proto Path
1292 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
1384 svchost -> 1025 TCP C:\WINDOWS\System32\svchost.exe
792 navapw32 -> 1027 TCP

Re: [Full-disclosure] router naming

2005-09-02 Thread Javi Polo
On Sep/02/2005, luca developer wrote: Is there a best practice for assigning a router name? e.g.: router type + city + room.id and so on Which method is usually used to assign a router name? I usually pick up names from the Japanese Comic DrSlump anyway, I've seen lots of things

Re: [Full-disclosure] router naming

2005-09-02 Thread Peer Janssen
luca developer wrote: Hi folks Is there a best practice for assigning a router name? e.g.: router type + city + room.id and so on Which method is usually used to assign a router name? Full-disclosure router naming would be GPS coordinates, wouldn't it? This might prove to

[Full-disclosure] Re: router naming

2005-09-02 Thread luka.research
Ok folks may I appear like a crazy man... but... I think that the router name can give an attacker an idea of the netadmin's personality... what do you think about this point of view?

Re: [Full-disclosure] router naming

2005-09-02 Thread vb
personally, i use serial killers...Dahmer=Milwaukee, Gacy=Chicago, Berkowitz=NY, Bundy=Miami, Ramirez=LA, etc. Can't wait to open a Kansas City office.. vb - Original Message - From: Peer Janssen [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Friday, September 02, 2005

Re: [Full-disclosure] Re: router naming

2005-09-02 Thread vb
just one more reason my naming scheme rules. personally, i use serial killers...Dahmer=Milwaukee, Gacy=Chicago, Berkowitz=NY, Bundy=Miami, Ramirez=LA, etc. Can't wait to open a Kansas City office.. - Original Message - From: luka.research To:

Re: [Full-disclosure] router naming

2005-09-02 Thread Pfrommer, Brett C
How about using FIPS-55. Thanks Brett Pfrommer 703-921-6329 Systems Design Security Officer Customs and Border Protection [EMAIL PROTECTED]

Re: [Full-disclosure] router naming

2005-09-02 Thread Micheal Espinola Jr
Actually, GPS coords have a place in DNS records. On 9/2/05, Peer Janssen [EMAIL PROTECTED] wrote: luca developer wrote: Hi folks Is there a best practice for assigning a router name? e.g.: router type + city + room.id and so on Which method is usually used to assign a

Re: [Full-disclosure] Re: router naming

2005-09-02 Thread luka.research
How about using FIPS-55. Thanks In my modest opinion I think that with an approach like FIPS-55 you can spread precious information to attackers. e.g: which is the major link that connects two cities? ...ok let's see the router name... mhhh interesting... what about a hash key as router name?

Re: [Full-disclosure] SSH Bruteforce blocking script

2005-09-02 Thread miah
If you're running iptables why not make use of hashlimit? Once a limit is reached all connection attempts from that IP would be blocked until the hash entry expires. An example pulled from the web:
iptables -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit \
1/min --hashlimit-mode srcip

[Full-disclosure] FileZilla weakly-encrypted password vulnerability - advisory plus PoC code

2005-09-02 Thread PASTOR ADRIAN
Title: FileZilla weakly-encrypted password vulnerability - advisory plus PoC code -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac (Adrian Pastor) Date found: 6th August, 2005 Homepage: www.ikwt.com

[Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 4

2005-09-02 Thread Bardus Populus
Previously on Full Disclosure: -- Message: 9 Date: Fri, 2 Sep 2005 05:53:04 -0400 From: Pedro Hugo [EMAIL PROTECTED] Subject: Re: [Full-disclosure] SSH Bruteforce blocking script To: full-disclosure@lists.grok.org.uk Message-ID: [EMAIL PROTECTED]

Re: [Full-disclosure] Multiple Phorum XSS and Session Hijacking vulnerabilities

2005-09-02 Thread Brian Moon
First, all issues that will allow any of the issues here to happen have been fixed. With 5.0.18a, you can not use any method described below. We had the fixes done in less than 24 hours. Now, what a professional and responsible post. I normally don't reply to these emails, but this person

Re: [Full-disclosure] Multiple Phorum XSS and Session Hijacking vulnerabilities

2005-09-02 Thread Scott Dewey
Brian Moon wrote: First, all issues that will allow any of the issues here to happen have been fixed. With 5.0.18a, you can not use any method described below. We had the fixes done in less than 24 hours. Now, what a professional and responsible post. I normally don't reply to these

Re: [Full-disclosure] FileZilla weakly-encrypted password vulnerability - advisory plus PoC code

2005-09-02 Thread Brent Colflesh
Luigi Auriemma beat you to it: http://aluigi.altervista.org/pwdrec/filezillapwd.zip

Re: [Full-disclosure] Re: Call for new mailing lists @ SecurityFocus (X-POST)

2005-09-02 Thread Alex Prinsier
MadHat wrote: I am not sure if you were being sarcastic or not. I was not. First, this is about securityfocus.com lists, not full-disclosure, just so we are clear. Roger. The security focus lists are moderated. Things they don't want people to see don't go through. Sometimes there

[Full-disclosure] LSADump2 Crashing Windows

2005-09-02 Thread oh face
In my recent experience, LSADump2 has been crashing Windows boxes. I was able to verify this on fully patched Windows XP and 2003. In further examination, LSADump2, when executed, killed the lsass process, and with the winlogon process still running, the system was forced to reboot. As far as I

[Full-disclosure] Re: Computer forensics to uncover illegal internet use

2005-09-02 Thread Jason Coombs
Tobin Craig ([EMAIL PROTECTED]) wrote: I have spent considerable time researching and discussing with lawyers your fantastic notion that corporations are exempt from reporting electronic crimes against children. What is this thing you believe in, an 'electronic crime against a child'? Are

[Full-disclosure] [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability

2005-09-02 Thread Michael Stone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 795-2 [EMAIL PROTECTED] http://www.debian.org/security/ Michael Stone September 2, 2005

RE: [Full-disclosure] router naming

2005-09-02 Thread Aditya Deshmukh
Is there a best practice for assigning a router name? e.g.: router type + city + room.id and so on Which method is usually used to assign a router name? Think of social engg. Put in some name that would not thing that is not so simple to guess because if someone manages to figure out how they

[Full-disclosure] RE: Computer forensics to uncover illegal internet use

2005-09-02 Thread dave kleiman
Jason, You are definitely off here. Companies and their lawyers who fail to keep up with child pornography law do so at their peril. The bipartisan resolve of state and federal legislators to combat child pornography has led to laws that put the fate of those who innocently possess child porn —