Re: [Full-disclosure] SSH brute force blocking tool

Salut,

On Mon, 2006-11-27 at 16:21 -0500, gabriel rosenkoetter wrote:
Nope, I'm wrong, just the literal string "`/sbin/halt`", which you
never exec.

Well, he does in the iptables command

Mea culpa. Tavis's exploit doesn't so scary things, although he's
right you should really be doing a bit more sanitization of (evil)
user-supplied input, given that you're (insisting that you) run as
root.

Another nice use of this vulnerability is of course the possibility to
blacklist arbitrary IPs (even better: if you have DNS for your local
names, or mDNS, you can e.g. blacklist the workstation of the admin so
he can't log in anymore)

Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Lösungen mit System
Tel:+41 61 333 80 33 Röschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL
Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/