Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Openssh + security
  • From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 13 Dec 2005 22:13:30 +0800
  • Message-id: <439ED70A.7070009@xxxxxxxxxxxxxxxxxxxxxx>
Admin wrote:
> A more amusing alternative is to move SSH to another port, and put the
> LaBrea tarpit on port 22 and any other commonly attacked ports (firewall
> module).

I quite like this:

summer@www:~$ cat /etc/xinetd.d/telnet
# default: off
# description: An internal xinetd service which gets the current system time
# then prints it out in a format like this: "Wed Nov 13 22:30:27 EST 2002".
# This is the tcp version.
service telnet
{
disable = no
socket_type = stream
protocol = tcp
user = games
wait = no
flags = NAMEINARGS
server = /usr/sbin/tcpd
server_args = /bin/false
}

summer@www:~$

with this:
summer@www:~$ tail -4 /etc/hosts.deny

false: ALL: spawn ((echo attack from %h;id -a) | \
/usr/bin/mail -s %d-%h root) &

summer@www:~$

Good places to attach it where the services are not otherwise engaged:
telnet
ftp
ssh

There are probably better things to do than send email, but I just set
this up as a POC; you can't actually trigger it because the firewall
keeps you out.
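
The post notes that there are probably better things to do than send email. One option, as an added example that is not part of the original post: a handler for the same `spawn` hook that logs every probe and mails root at most once per address per window. The script path, log path and window length are assumptions; `%d` and `%a` are the daemon-name and client-address expansions documented in hosts_access(5).

```sh
#!/bin/sh
# Added example (hypothetical handler, e.g. /usr/local/sbin/trap-log).
# Assumed hosts.deny entry, replacing the mail pipeline:
#   false: ALL: spawn (/usr/local/sbin/trap-log %d %a) &
TRAP_LOG=${TRAP_LOG:-/var/log/trap-probes.log}   # assumed log path
TRAP_WINDOW=${TRAP_WINDOW:-300}                  # seconds between mails per address

# record_probe DAEMON ADDR [NOW]
# Logs every probe. Returns 0 when a notification is due for ADDR,
# 1 when one was already sent within TRAP_WINDOW, 2 when input is rejected.
record_probe() {
    daemon=$1 addr=$2 now=${3:-$(date +%s)}
    # Allow only characters found in IP literals and plain service names.
    case $addr in ''|*[!0-9A-Fa-f.:]*) return 2 ;; esac
    case $daemon in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    : >> "$TRAP_LOG"    # make sure the log exists before awk reads it
    # Time of the most recent "notify" entry for this address (0 if none).
    last=$(awk -v a="$addr" '$3 == a && $4 == "notify" { t = $1 }
                             END { print t + 0 }' "$TRAP_LOG")
    if [ $((now - last)) -ge "$TRAP_WINDOW" ]; then
        printf '%s %s %s notify\n' "$now" "$daemon" "$addr" >> "$TRAP_LOG"
        return 0
    fi
    printf '%s %s %s quiet\n' "$now" "$daemon" "$addr" >> "$TRAP_LOG"
    return 1
}

# probe_count ADDR: number of logged probes from ADDR.
probe_count() {
    awk -v a="$1" '$3 == a { n++ } END { print n + 0 }' "$TRAP_LOG"
}

# When spawned by tcpd with "%d %a", mail root only if a notification is due.
if [ "$#" -ge 2 ] && record_probe "$1" "$2"; then
    echo "probe on $1 from $2, $(probe_count "$2") so far" |
        /usr/bin/mail -s "$1-$2" root
fi
```

Passing `%a` rather than `%h` keeps reverse-DNS names, which the remote side controls, out of the handler's arguments.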

