Gentoo Archives: gentoo-security

From: Brian Micek <bmicek@×××××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SSH probes
Date: Sat, 05 Nov 2005 22:36:42
Message-Id: 1131229721.8882.113.camel@localhost.localdomain
In Reply to: Re: [gentoo-security] SSH probes by Alec Warner
I'm very sorry for not describing what I'm doing in more detail
resulting in all this wasted email.  
1.  cat(1)ing /dev/urandom does not exploit any problems in an ssh
client.  Ssh is written well and the program will realize there is a
problem on the TCP stream, describe the error and exit.
2.  My goal is to discourage punk hackers from attempting to crack my
networks.  In order to do this, I'm experimenting with variations of
invalid TCP streams on TCP port 22.
3.  I have no idea how people think this can hurt any network other than
my own or any legitimate software product.

I have to admit I'm angry at your attempt to argue a null issue.  Your
network shouldn't be connecting to my networks but, in case it does, the
worst that can happen is a stream of random data will pass to your
machine over one socket from a single host resulting in bandwidth usage
on the lines of downloading a file.  I postulated the hacking tool is
not written well.

Please let's forget about this thread because it's going nowhere and once
again, I apologize about all this spam.
Brian Micek

On Sat, 2005-11-05 at 16:41 -0500, Alec Warner wrote:

> Brian Micek wrote:
> > I don't think you understand what I'm proposing.  I am currently
> > cat(1)ing /dev/urandom on TCP port 22 in hopes to discourage hackers who
> > attempt to break into my system.  It's beyond me how this is treading on
> > dangerous ground, what systems I'll endanger or what is morally wrong
> > with doing this.  Brian Micek
> >
> > On Sat, 2005-11-05 at 15:19 -0500, William Yang wrote:
> >
> >
> >>agenci
> >
> >
>
> How is what you are planning to do any different from me hosting a
> website that attempts to exploit vulnerable web clients?  Am I not
> responsible for hosting what could be considered hostile content?  Are
> you responsible for damages to my machine if your /dev/urandom causes me
> undue downtime?
>
> You may think that this situation is different than the web example
> above, but in reality they are quite similar.  You can't know with 100%
> certainty that the person requesting resources is a hacker and
> attempting to crash their client is what most would consider a hostile
> action.
>
> We all realise that there are people who do dumb crap like ssh scanning.
> However, I seriously doubt doing anything like this is going to help
> your situation; or hinder theirs.  In the end you will waste bandwidth
> and cpu cycles and as the other poster mentioned, if they are smart
> enough to realize what is going on they can probably DoS your machine
> with it.
>
> Just keep your ports closed, or keep them open and monitor the activity.
> No need to go pissing the scanners off and give them a reason to spend
> more time on your systems anyway.
>
> -Alec Warner (Antarus)

