List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Brian Micek <bmicek@...>
Subject: Re: SSH probes
Date: Sat, 05 Nov 2005 17:28:41 -0500
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.3.2">
</HEAD>
<BODY>
I'm very sorry for not describing what I'm doing in more detail resulting in all this wasted email.&nbsp; <BR>
1.&nbsp; cat(1)ing /dev/urandom does not exploit any problems in an ssh client.&nbsp; Ssh is written well and the program will realize there is a problem on the TCP stream, describe the error and exit.<BR>
2.&nbsp; My goal is to discourage punk hackers from attempting to crack my networks.&nbsp; In order to do this, I'm experimenting with variations of invalid TCP streams on TCP port 22.<BR>
3.&nbsp; I have no idea how people think this can hurt any network other than my own or any legitimate software product.<BR>
<BR>
I have to admit I'm angry at your attempt to argue a null issue.&nbsp; Your network shouldn't be connecting to my networks but, in case it does, the worst that can happen is a stream of random data will pass to your machine over one socket from a single host resulting in bandwidth usage on the lines of downloading a file.&nbsp; I postulated the hacking tool is not written well.<BR>
<BR>
Please let's forget about this thread because it's going nowhere and once again, I apologize about all this spam.<BR>
Brian Micek<BR>
<BR>
On Sat, 2005-11-05 at 16:41 -0500, Alec Warner wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Brian Micek wrote:</FONT>
<FONT COLOR="#000000">&gt; I don't think you understand what I'm proposing.  I am currently cat</FONT>
<FONT COLOR="#000000">&gt; (1)ing /dev/urandom on TCP port 22 in hopes to discourage hackers who</FONT>
<FONT COLOR="#000000">&gt; attempt to break into my system.  Its beyond me how this is treading on</FONT>
<FONT COLOR="#000000">&gt; dangerous ground, what systems I'll endanger or what is morally wrong</FONT>
<FONT COLOR="#000000">&gt; with doing this.   Brian Micek</FONT>
<FONT COLOR="#000000">&gt; </FONT>
<FONT COLOR="#000000">&gt; On Sat, 2005-11-05 at 15:19 -0500, William Yang wrote:</FONT>
<FONT COLOR="#000000">&gt; </FONT>
<FONT COLOR="#000000">&gt; </FONT>
<FONT COLOR="#000000">&gt;&gt;agenci</FONT>
<FONT COLOR="#000000">&gt; </FONT>
<FONT COLOR="#000000">&gt; </FONT>

<FONT COLOR="#000000">How is what you are planning to do any different from me hosting a</FONT>
<FONT COLOR="#000000">website that attempts to exploit vulnerable web clients?  Am I not</FONT>
<FONT COLOR="#000000">responsible for hosting what could be considered hostile content?  Are</FONT>
<FONT COLOR="#000000">you responsible for damages to my machine if your /dev/urandom causes me</FONT>
<FONT COLOR="#000000">undue downtime?</FONT>

<FONT COLOR="#000000">You may think that this situation is different than the web example</FONT>
<FONT COLOR="#000000">above, but in reality they are quite similar.  You can't know with 100%</FONT>
<FONT COLOR="#000000">certainty that the person requesting resources is a hacker and</FONT>
<FONT COLOR="#000000">attempting to crash their client is what most would consider a hostile</FONT>
<FONT COLOR="#000000">action.</FONT>

<FONT COLOR="#000000">We all realise that there are people who do dumb crap like ssh scanning.</FONT>
<FONT COLOR="#000000"> However, I seriously doubt doing anything like this is going to help</FONT>
<FONT COLOR="#000000">your situation; or hinder theirs.  In the end you will waste bandwidth</FONT>
<FONT COLOR="#000000">and cpu cycles and as the other poster mentioned, if they are smart</FONT>
<FONT COLOR="#000000">enough to realize what is going on they can probably DoS your machine</FONT>
<FONT COLOR="#000000">with it.</FONT>

<FONT COLOR="#000000">Just keep your ports closed, or keep them open and monitor the activity.</FONT>
<FONT COLOR="#000000">No need to go pissing the scanners off and give them a reason to spend</FONT>
<FONT COLOR="#000000">more time on your systems anyway.</FONT>

<FONT COLOR="#000000">-Alec Warner (Antarus)</FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>
Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.