Re: [Full-disclosure] SSH brute force blocking tool
- From: Tavis Ormandy <taviso@xxxxxxxxxx>
- Date: Tue, 28 Nov 2006 16:02:36 +0000
On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:
Incorrect did you look at the fix? It isn't unsanitized as you state:
J, you have made an attempt to fix it, but is is not sufficient.
An attacker can still add arbitrary hosts to the deny list.
Thanks, Tavis.
--
-------------------------------------
taviso@xxxxxxxxxxxxxxxx | finger me for my pgp key.
-------------------------------------------------------
Attachment:
pgpDukZXiZYAj.pgp
Description: PGP signature
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] SSH brute force blocking tool
- From: Tavis Ormandy
- Re: [Full-disclosure] SSH brute force blocking tool
- From: Thierry Zoller
- Re: [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- Re: [Full-disclosure] SSH brute force blocking tool
- References:
- [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- Re: [Full-disclosure] SSH brute force blocking tool
- From: Tavis Ormandy
- Re: [Full-disclosure] SSH brute force blocking tool
- From: Thierry Zoller
- Re: [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- Re: [Full-disclosure] SSH brute force blocking tool
- From: Tavis Ormandy
- Re: [Full-disclosure] SSH brute force blocking tool
- From: J. Oquendo
- [Full-disclosure] SSH brute force blocking tool
- Prev by Date: Re: [Full-disclosure] SSH brute force blocking tool
- Next by Date: Re: [Full-disclosure] SSH brute force blocking tool
- Previous by thread: Re: [Full-disclosure] SSH brute force blocking tool
- Next by thread: Re: [Full-disclosure] SSH brute force blocking tool
- Index(es):
Relevant Pages
|
