Mailinglist Archive: opensuse-security (636 mails)

fooling kiddies
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Mon, 12 Feb 2001 16:33:40 +1100
  • Message-id: <5.0.2.1.0.20010212162359.00a83228@xxxxxxxxxxxxxxxxxxxx>
While playing with tcp wrappers today, I noticed that if you add:
sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"
to /etc/hosts.deny, any attempted connections to the machine that aren't allowed
in /etc/hosts.allow will get this message:

$ ssh 9.9.9.9
Remote machine has too old SSH software version.
$

Compared to:
sshd: all : twist /bin/echo "SSH-1.5-SSH-1.0"
or even just a straight:
sshd: all

which both give:

$ ssh 9.9.9.9
Connection closed by 9.9.9.9
$

It occurs to me that this could be a really neat time waster for a bunch
of kiddies who can't figure out why their ssh exploits aren't working.
I know this sorta thing has been discussed before, and my usual stance
is that you are better off just blocking access than having someone keep
poking, but this one is just soooo much fun due to the nature of the error that
ssh gives... You can watch kiddies banging against the tcp wrapper for hours,
not realising that they are not getting the real thing..

*grin*



---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com
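
Added example, not part of the original post: a small Python model of why the two decoy banners above produce different client messages. The function name, the sample table and the rule that a 1.x banner with a minor version below 3 is refused are assumptions modelled on protocol-1 era clients; the message strings are the ones quoted in the post.

```python
import re

# Identification line format: "SSH-<major>.<minor>-<software>"
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

TOO_OLD = "Remote machine has too old SSH software version."


def client_reaction(server_bytes, target="9.9.9.9"):
    """Model what a protocol-1 client reports for the bytes a wrapped sshd
    port sends before the socket closes (hypothetical helper)."""
    line, _, rest = server_bytes.partition(b"\n")
    m = BANNER_RE.match(line.decode("ascii", "replace"))
    if m is None:
        # Plain deny: the socket closes before any identification line.
        return f"Connection closed by {target}"
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 1 and minor < 3:
        # Assumed client rule: the version check fails first, so the
        # client exits here and never notices the closed socket.
        return TOO_OLD
    if not rest:
        # Version accepted, but /bin/echo has already exited, so the
        # client sees EOF while waiting for the server's next packet.
        return f"Connection closed by {target}"
    return "handshake continues"


# Constructed samples: the bytes each hosts.deny rule from the post would send.
SAMPLES = {
    'sshd: all : twist /bin/echo "SSH-1.0-SSH-1.0"': b"SSH-1.0-SSH-1.0\n",
    'sshd: all : twist /bin/echo "SSH-1.5-SSH-1.0"': b"SSH-1.5-SSH-1.0\n",
    "sshd: all": b"",
}

if __name__ == "__main__":
    for rule, sent in SAMPLES.items():
        print(f"{rule}\n    -> {client_reaction(sent)}")
```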

