On Wed, Nov 26, 2008 at 10:40 AM, Joop Beris
On Wednesday 26 November 2008, David C. Rankin wrote:
Of course you are correct. However, I was being a bit more facetious than serious. More a Tom Sawyer/Huck Finn daydream than an actual plan. My choice of mplayer was just a bit more embellishment, the icing on the cake, if you will. I asked myself what would be one of the biggest binaries I could send (other than video or the openSUSE DVD itself), so I just sorted /usr/bin by size and mplayer was among the top, widely recognized -- just right.
If you're serious about sending something back to the people connecting to your ssh daemon, have a look at sshd's banner directive. It allows you to specify a text file to send to the other side over the ssh connection. You'd be sure they'd get it. I'm sure with some "voodoo" you could do interesting stuff with it.
But seriously, why bother? The "attack" is probably coming from some poor Winblows user who had his machine compromised and doesn't understand why the intarwebs are so slow these days. Or from some admin who doesn't realize their box has been owned. At best, you'll crash the offending program on their end or even their computer. Retaliating doesn't serve any purpose and might even land you in hot water if you retaliate against the wrong target (spoofed IP and/or rabid admin). It only gives you a temporary feeling of satisfaction.
I've been seeing attacks against ssh for a long time. It's a fact of life that when you make a service available to the outside, some lowlife will come and try to abuse that service. If you don't like that, don't run any services on the outside or impose limits on who you allow to connect. If you must run services, take sufficient measures to prevent abuse. If someone connects and wants to rummage around with the locks or knock on the door, fine. It's all part of the "background radiation" of the internet. If someone seriously tries to get in or is very persistent, report them to their ISP. They'll mostly be grateful for the information.
Retaliation is a waste of bandwidth at best, and could land you in trouble at worst. At any rate, you're just polluting the already polluted "pipes" of the "intarwebs".
Just my 2 cents,
Joop
Hi
Well, you could use it to send the hacked Windows system a message. Something that'll alert the user there is something terribly wrong and request him to install a firewall and a virus scanner (or switch to a different one). Something that will not damage the system or impair his work even further. It may even remove pollution.
Neil
--
While working towards the future one should be ensuring that there is a future to work to.