Mailinglist Archive: opensuse-security (138 mails)
Re: [suse-security] Openssh + security
- From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Dec 2005 22:13:30 +0800
- Message-id: <439ED70A.7070009@xxxxxxxxxxxxxxxxxxxxxx>
Admin wrote:
> A more amusing alternative is to move SSH to another port, and put the
> LaBrea tarpit on port 22 and any other commonly attacked ports (firewall
> module).
I quite like this:
summer@www:~$ cat /etc/xinetd.d/telnet
# default: off
# description: An internal xinetd service which gets the current system time
# then prints it out in a format like this: "Wed Nov 13 22:30:27 EST 2002".
# This is the tcp version.
service telnet
{
disable = no
socket_type = stream
protocol = tcp
user = games
wait = no
flags = NAMEINARGS
server = /usr/sbin/tcpd
server_args = /bin/false
}
summer@www:~$
with this:
summer@www:~$ tail -4 /etc/hosts.deny
false: ALL: spawn ((echo attack from %h;id -a) | \
/usr/bin/mail -s %d-%h root) &
summer@www:~$
Good places to attach it where the services are not otherwise engaged:
telnet
ftp
ssh
There are probably better things to do than send email, but I just set
this up as a POC; you can't actually trigger it because the firewall
keeps you out.
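
The message above says there are probably better things to do than send email from the spawn rule. One alternative, as an added example that is not part of the original message: a handler that logs every hit and raises at most one syslog alert per source host per time window, so a scan cannot flood root's mailbox. The script path, state directory and window length are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical handler for:
#   false: ALL: spawn (/usr/local/sbin/tripwire-hit %d %h) &
TRIP_DIR="${TRIP_DIR:-/var/lib/tripwire-hit}"  # assumed state directory
TRIP_WINDOW="${TRIP_WINDOW:-600}"              # seconds between alerts per host

# record_hit DAEMON HOST [NOW]
# Logs every hit; prints "alert" for the first hit from HOST in each window,
# "quiet" for repeats, "reject" (status 1) for arguments that look unsafe.
record_hit() {
    daemon=$1; host=$2; now=${3:-$(date +%s)}
    # Accept only characters found in service names, host names and addresses.
    case $daemon in ''|*[!A-Za-z0-9._-]*) echo reject; return 1 ;; esac
    case $host in ''|*[!A-Za-z0-9.:_-]*) echo reject; return 1 ;; esac
    case $now in ''|*[!0-9]*) echo reject; return 1 ;; esac

    mkdir -p "$TRIP_DIR" || return 1
    printf '%s daemon=%s host=%s\n' "$now" "$daemon" "$host" >> "$TRIP_DIR/hits.log"

    # One timestamp file per host; the "last." prefix keeps "." and ".." harmless.
    stamp="$TRIP_DIR/last.$host"
    last=0
    if [ -r "$stamp" ]; then read -r last < "$stamp" || last=0; fi
    case $last in ''|*[!0-9]*) last=0 ;; esac

    if [ $((now - last)) -ge "$TRIP_WINDOW" ]; then
        echo "$now" > "$stamp"
        echo alert
    else
        echo quiet
    fi
}

# When run from the spawn rule, send one syslog line per host per window.
if [ "$#" -ge 2 ]; then
    if [ "$(record_hit "$1" "$2")" = alert ]; then
        logger -t tripwire-hit -p auth.warning "connection to $1 from $2"
    fi
fi
```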