Gentoo Archives: gentoo-security

From: Brian Micek <bmicek@×××××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SSH probes
Date: Sat, 05 Nov 2005 22:36:42
Message-Id: 1131229721.8882.113.camel@localhost.localdomain
In Reply to: Re: [gentoo-security] SSH probes by Alec Warner
I'm very sorry for not describing what I'm doing in more detail
resulting in all this wasted email.
1. cat(1)ing /dev/urandom does not exploit any problems in an ssh
client. Ssh is written well and the program will realize there is a
problem on the TCP stream, describe the error and exit.
2. My goal is to discourage punk hackers from attempting to crack my
networks. In order to do this, I'm experimenting with variations of
invalid TCP streams on TCP port 22.
3. I have no idea how people think this can hurt any network other than
my own or any legitimate software product.

I have to admit I'm angry at your attempt to argue a null issue. Your
network shouldn't be connecting to my networks but, in case it does, the
worst that can happen is a stream of random data will pass to your
machine over one socket from a single host resulting in bandwidth usage
on the lines of downloading a file. I postulated the hacking tool is
not written well.

Please let's forget about this thread because it's going nowhere and once
again, I apologize about all this spam.
Brian Micek

On Sat, 2005-11-05 at 16:41 -0500, Alec Warner wrote:

> Brian Micek wrote:
> > I don't think you understand what I'm proposing. I am currently
> > cat(1)ing /dev/urandom on TCP port 22 in hopes to discourage hackers who
> > attempt to break into my system. It's beyond me how this is treading on
> > dangerous ground, what systems I'll endanger or what is morally wrong
> > with doing this. Brian Micek
> >
> > On Sat, 2005-11-05 at 15:19 -0500, William Yang wrote:
> >
> >
> >>agenci
> >
> >
>
> How is what you are planning to do any different from me hosting a
> website that attempts to exploit vulnerable web clients? Am I not
> responsible for hosting what could be considered hostile content? Are
> you responsible for damages to my machine if your /dev/urandom causes me
> undue downtime?
>
> You may think that this situation is different than the web example
> above, but in reality they are quite similar. You can't know with 100%
> certainty that the person requesting resources is a hacker and
> attempting to crash their client is what most would consider a hostile
> action.
>
> We all realise that there are people who do dumb crap like ssh scanning.
> However, I seriously doubt doing anything like this is going to help
> your situation; or hinder theirs. In the end you will waste bandwidth
> and cpu cycles and as the other poster mentioned, if they are smart
> enough to realize what is going on they can probably DoS your machine
> with it.
>
> Just keep your ports closed, or keep them open and monitor the activity.
> No need to go pissing the scanners off and give them a reason to spend
> more time on your systems anyway.
>
> -Alec Warner (Antarus)
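
Point 1 of the message rests on how an SSH client handles the first bytes it receives: it expects the server's identification string and gives up when that is missing or malformed. The sketch below is an added illustration of such a bounded read, not code from the thread or from any SSH implementation; the 255-byte line limit follows RFC 4253 section 4.2, while the 64-line cap, the function names and both sample inputs are assumptions made for the example.

```python
import io

MAX_LINE = 255       # RFC 4253 section 4.2 limit for the identification line, CR LF included
MAX_PRE_LINES = 64   # assumed cap on lines sent before the banner (illustrative value)


class BannerError(Exception):
    """The peer did not send a usable SSH identification string."""


def read_identification(stream):
    """Return the peer's identification string, reading a bounded amount.

    A peer that sends endless garbage costs at most
    MAX_PRE_LINES * MAX_LINE bytes before BannerError is raised.
    """
    for _ in range(MAX_PRE_LINES):
        line = stream.readline(MAX_LINE)
        if not line:
            raise BannerError("connection closed before identification")
        if not line.endswith(b"\n"):
            raise BannerError("line too long or unterminated")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other lines before its banner
        text = line.rstrip(b"\r\n")
        parts = text.split(b"-", 2)
        if len(parts) != 3 or parts[1] not in (b"2.0", b"1.99") or not parts[2]:
            raise BannerError("malformed or unsupported identification")
        if any(b < 0x20 or b > 0x7E for b in text):
            raise BannerError("non-printable byte in identification")
        return text.decode("ascii")
    raise BannerError("too many lines before identification")


def check(data):
    """Classify a captured byte string: the banner, or why it was rejected."""
    try:
        return read_identification(io.BytesIO(data))
    except BannerError as exc:
        return "rejected: " + str(exc)


# Constructed samples: a well-formed banner and a deterministic stand-in for random bytes.
GOOD = b"SSH-2.0-ExampleServer_1.0\r\n"
NOISE = bytes((i * 37 + 11) % 256 for i in range(4096))

if __name__ == "__main__":
    print(check(GOOD))    # SSH-2.0-ExampleServer_1.0
    print(check(NOISE))   # rejected: line too long or unterminated
```

A reader written without the two caps would keep consuming the stream for as long as the peer keeps sending, which is the difference between a well-written client and a poorly written tool.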
