Re: SSH bruteforce on its way...

From: Lionel Ferette (lionel.ferette_at_belnet.be)
Date: 10/26/05

    To: incidents@securityfocus.com
    Date: Wed, 26 Oct 2005 08:29:17 +0200
    
    
    

    Hello Michael,

    In the wise words of Michael.Lang@jackal-net.at, on Tuesday 25 October 2005
    09:29:
    [SNIP]
    > I've put the session data on a website
    > (http://www.jackal-net.at/tiki-read_article.php?articleId=20) where you can
    > see what I've set up and what the guys were doing. (Currently only one
    > session is online but I'm sure others will follow :) ... )
    Just had a look at that page, and I would recommend against using ethereal to
    capture traffic: there are too many vulnerabilities in ethereal's decoders (a
    few were disclosed last week) to allow that program to run unattended as
    root (needed to capture traffic). Instead, I always recommend using tcpdump:
     tcpdump -s 1500 -w traffic.trace port 22
    (in your case you're only interested in ssh traffic, aren't you? Otherwise,
    just skip the 'port 22' part).

    Then, *as a normal user*, open the trace file with ethereal if you don't like
    tcpdump's output of
     tcpdump -s 1500 -r traffic.trace -X

    Regards,

    Lionel

    -- 
    "To understand how progress failed to make our lives easier,
    please press 3"
    Lionel Ferette
    BELNET CERT Coordinator
    Tel: +32 2 7903385                  http://cert.belnet.be/
    Fax: +32 2 7903375                  PGP Key Id: 0x5662FD4B
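
The workflow in the message above (capture to a file as root, analyse the file as an unprivileged user), carried one step further as an added example that is not part of the original post: a small Python reader for the classic pcap file written by `tcpdump -w`, counting SSH connection attempts (SYN to port 22) per source and reporting records cut short by the snap length. The function names and the sample trace are constructed for illustration.

```python
import socket, struct
from collections import Counter

def syn_counts(trace, port=22):
    """Per-source count of TCP SYNs to `port`, plus number of truncated records."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(trace[:4])
    if end is None or len(trace) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", trace[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    syns, truncated, off = Counter(), 0, 24
    while off + 16 <= len(trace):
        caplen, origlen = struct.unpack(end + "II", trace[off + 8:off + 16])
        pkt = trace[off + 16:off + 16 + caplen]
        off += 16 + caplen
        truncated += caplen < origlen          # snaplen cut this frame short
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                           # not IPv4/TCP
        if struct.unpack("!H", pkt[20:22])[0] & 0x1FFF:
            continue                           # non-first fragment: no TCP header
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue                           # TCP header not fully captured
        if struct.unpack("!H", tcp[2:4])[0] == port and (tcp[13] & 0x12) == 0x02:
            syns[socket.inet_ntoa(pkt[26:30])] += 1   # SYN without ACK
    return syns, truncated

# --- constructed sample trace (documentation addresses, not real traffic) ---
def _frame(src, flags, payload=0, dport=22):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload

def _record(pkt, snaplen=1500):
    cap = pkt[:snaplen]
    return struct.pack("<IIII", 0, 0, len(cap), len(pkt)) + cap

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1) + b"".join(
    _record(f) for f in [_frame("203.0.113.5", 0x02)] * 3
    + [_frame("198.51.100.7", 0x02),
       _frame("198.51.100.7", 0x12),            # SYN+ACK: not a new attempt
       _frame("203.0.113.5", 0x18, 1460)])      # 1514-byte frame > snaplen

if __name__ == "__main__":
    counts, cut = syn_counts(SAMPLE)
    for ip, n in counts.most_common():
        print(ip, n)
    print("truncated records:", cut)
```

The reader only uses fixed-offset header fields, so it can run over a trace from an untrusted network without invoking any protocol dissector.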
    
    


