While playing with tcp wrappers today, I noticed that if you add:

    sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"

to /etc/hosts.deny

Any attempted connections to the machine that aren't allowed in /etc/hosts.allow will get this message:

    $ ssh 9.9.9.9
    Remote machine has too old SSH software version.
    $

Compared to:

    sshd: all : twist /bin/echo "SSH-1.5-SSH-1.0"

or even just a straight:

    sshd: all

which both give:

    $ ssh 9.9.9.9
    Connection closed by 9.9.9.9
    $

It occurs to me that this could be a really neat time waster for a bunch of kiddies who can't figure out why their ssh exploits aren't working.

I know this sorta thing has been discussed before, and my usual stance is that you are better off just blocking access than having someone keep poking, but this one is just soooo much fun due to the nature of the error that ssh gives... You can watch kiddies banging against the tcp wrapper for hours, not realising that they are not getting the real thing.. *grin*

---
Nix - nix@susesecurity.com
http://www.susesecurity.com
> While playing with tcp wrappers today, I noticed that if you add:
>
>     sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"
>
> to /etc/hosts.deny
>
> Any attempted connections to the machine that aren't allowed in /etc/hosts.allow will get this message:

Yup. wrote an article on this: http://www.securityportal.com/closet/closet20001115.html

-Kurt
At 04:40 PM 12/02/2001, you wrote:
>> While playing with tcp wrappers today, I noticed that if you add:
>>
>>     sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"
>>
>> to /etc/hosts.deny
>>
>> Any attempted connections to the machine that aren't allowed in /etc/hosts.allow will get this message:
>
> Yup. wrote an article on this: http://www.securityportal.com/closet/closet20001115.html
Yes, I saw this one.. Nice article... My point was that this particular banner gives an interesting response in the ssh client...

Cheers

---
Nix - nix@susesecurity.com
http://www.susesecurity.com
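Added example, not part of either poster's messages: a simplified model of the version check a protocol-1-capable ssh client applies to the server's identification line, showing why the three hosts.deny variants in the thread produce different client output. The function name, verdict labels and the assumption that the client follows OpenSSH-style logic (protocol 1 minor versions below 3 are rejected as too old) are introduced here; the sample lines are constructed from the rules quoted in the thread.

```python
import re

# Identification line format: SSH-<major>.<minor>-<software version>
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S.*)$")
TOO_OLD = "Remote machine has too old SSH software version."


def client_reaction(first_line, client_supports_v1=True):
    """Return (verdict, detail) for the first line read from the server.

    Simplified model (assumption) of a protocol-1-capable client's check.
    """
    if not first_line:
        # Plain deny: the wrapper drops the connection without sending a banner.
        return ("closed", "EOF before any identification string")
    m = BANNER_RE.match(first_line.rstrip("\r\n"))
    if m is None:
        return ("bad-banner", "not an SSH identification string")
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 1:
        if minor == 99:
            return ("proceed", "server offers protocol 1 and 2")
        if not client_supports_v1:
            return ("mismatch", "client does not speak protocol 1")
        if minor < 3:
            # This is the branch the SSH-1.0 banner lands in.
            return ("fatal", TOO_OLD)
        return ("proceed", "protocol 1.%d accepted" % minor)
    if major == 2:
        return ("proceed", "protocol 2 accepted")
    return ("mismatch", "unknown protocol major version %d" % major)


# Constructed samples: what each hosts.deny variant from the thread sends.
SAMPLES = {
    'twist /bin/echo "SSH-1.0-SSH-1.0"': "SSH-1.0-SSH-1.0\n",
    'twist /bin/echo "SSH-1.5-SSH-1.0"': "SSH-1.5-SSH-1.0\n",
    "sshd: all (no twist)": "",
}


def classify_samples():
    return {rule: client_reaction(line) for rule, line in SAMPLES.items()}


if __name__ == "__main__":
    for rule, (verdict, detail) in classify_samples().items():
        print("%-36s -> %-8s %s" % (rule, verdict, detail))
```

A "proceed" verdict for the 1.5 banner only means the version check passes; /bin/echo has already exited by then, so the client's next read hits a closed connection, which is consistent with the "Connection closed" output quoted in the thread.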