Mailinglist Archive: opensuse-security (636 mails)

fooling kiddies
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Mon, 12 Feb 2001 16:33:40 +1100
While playing with tcp wrappers today, I noticed that if you add:
sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"
to /etc/hosts.deny, any attempted connections to the machine that aren't
allowed
in /etc/hosts.allow will get this message:

$ ssh
Remote machine has too old SSH software version.

Compared to:
sshd: all : twist /bin/echo "SSH-1.5-SSH-1.0"
or even just a straight :
sshd: all

which both give:

$ ssh
Connection closed by

It occurs to me that this could be a really neat time waster for a bunch
of kiddies who can't figure out why their ssh exploits aren't working.
I know this sorta thing has been discussed before, and my usual stance
is that you are better off just blocking access than having someone keep
poking, but this one is just soooo much fun due to the nature of the error that
ssh gives... You can watch kiddies banging against the tcp wrapper for hours,
not realising that they are not getting the real thing..


Nix - nix@xxxxxxxxxxxxxxxx
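
The following is an added example, not part of the original post: a small audit of hosts.deny rules that predicts what a denied ssh client sees for each of the three rules quoted above. The function names and the `MIN_V1_MINOR` threshold are assumptions, chosen to match the post's observation that a 1.0 banner is rejected as too old while 1.5 is accepted.

```python
import re

# Constructed sample: the three hosts.deny rules quoted in the post.
SAMPLE_HOSTS_DENY = '''\
# constructed sample
sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"
sshd: all : twist /bin/echo "SSH-1.5-SSH-1.0"
sshd: all
'''

# SSH identification string: SSH-<major>.<minor>-<software>
BANNER_RE = re.compile(r'SSH-(\d+)\.(\d+)-(\S+)')
# Assumption: the client rejects protocol 1.x banners with minor < 3 as too old.
MIN_V1_MINOR = 3


def parse_rules(text):
    """Return (daemons, clients, option) per rule.
    Simplified: ignores backslash-escaped colons and bracketed IPv6 clients."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        parts = [p.strip() for p in line.split(':', 2)]
        clients = parts[1] if len(parts) > 1 else ''
        option = parts[2] if len(parts) > 2 else ''
        rules.append((parts[0], clients, option))
    return rules


def client_view(option):
    """Predict what a denied ssh client sees for a rule's option field."""
    if not re.search(r'\btwist\b', option):
        return 'connection closed (plain deny, no banner sent)'
    m = BANNER_RE.search(option)
    if not m:
        return 'connection closed (twist output is not an SSH banner)'
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 1 and minor < MIN_V1_MINOR:
        return 'client aborts: remote SSH version too old'
    return 'connection closed (banner accepted, then echo exits)'


def audit(text):
    return [(d, opt, client_view(opt)) for d, _c, opt in parse_rules(text)]


if __name__ == '__main__':
    for daemon, option, view in audit(SAMPLE_HOSTS_DENY):
        print(f'{daemon:6} {option or "(no option)":45} -> {view}')
```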
