Gentoo Archives: gentoo-security

From: Alec Warner <warnera6@×××××××.edu>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SSH probes
Date: Sat, 05 Nov 2005 21:50:08
In Reply to: Re: [gentoo-security] SSH probes by Brian Micek
Brian Micek wrote:
> I don't think you understand what I'm proposing. I am currently cat > (1)ing /dev/urandom on TCP port 22 in hopes to discourage hackers who > attempt to break into my system. Its beyond me how this is treading on > dangerous ground, what systems I'll endanger or what is morally wrong > with doing this. Brian Micek > > On Sat, 2005-11-05 at 15:19 -0500, William Yang wrote: > > >>agenci > >
How is what are you planning to do any different from me hosting a website that attempts to exploit vulnerable web clients? Am I not responsible for hosting what could be considered hostile content? Are you responsible for damages to my machine if your /dev/urandom causes me undo downtime? You may think that this situation is different than the web example above, but in reality they are quite similar. You can't know with 100% certainty that the person requesting resources is a hacker and attempting to crash their client is what most would consider a hostile action. We all realise that there are people who do dumb crap like ssh scanning. However, I seriously doubt doing anything like this is going to help your situation; or hinder theirs. In the end you will waste bandwidth and cpu cycles and as the other poster mentioned, if they are smart enough to realize what is going on they can probably DoS your machine with it. Just keep your ports closed, or keep them open and monitor the activity. No need to go pissing the scanners off and give them a reason to spend more time on your systems anyway. -Alec Warner (Antarus) -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] SSH probes Brian Micek <bmicek@×××××××××.net>