pkgsrc-Users archive


Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?




Pooling two emails in one:


On Jan 12, 2007, at 4:17 AM, Water NB wrote:

> But this morning I found the cracker still logged in to the system after only
> two tries.
> It is impossible to try 2 times to get the correct password.
> So I guess that he used the bug of sshd.
> What bug? I don't know.

Seems as if it were a sshd bug he'd been in earlier? cyrus is most likely.
Nothing leapt out when I checked secunia.org though.

> Question 5) Does an empty password mean no password is needed?
> Or does it mean any passwords are invalid?

There is a config setting

    PermitEmptyPasswords no

to help in case some get created by mistake.

===============================

On Jan 12, 2007, at 6:20 AM, Eric Rudolph Pizzani wrote:

> Is there a way of implementing a block on any IP addresses that try to log in too much? That would probably slow down the cracker's ability to brute force a login, or whatever it is that he does.

See http://denyhosts.sourceforge.net/
for a pretty capable solution, if you don't mind having Python running.

Also see some tips from Alex at
http://restorecd.homeunix.org/NetBSD/
for a script that you might use/tweak that is similar in effect to DenyHosts, plus info on spawning a sleep command in hosts.deny that deters most 'bot attacks due to timeout.

Luck,

Brian
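
The blocking approach discussed in this message (count failed sshd logins per source address and deny repeat offenders through hosts.deny), as an added example that is not part of the original email and is not DenyHosts' own code. The log lines are constructed, and the function names, threshold and allowlist are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
# The last line carries a crafted username that embeds a fake "from <ip> port" string.
SAMPLE_LOG = """\
Jan 12 04:01:10 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40110 ssh2
Jan 12 04:01:12 host sshd[811]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Jan 12 04:01:15 host sshd[813]: Failed password for root from 203.0.113.5 port 40117 ssh2
Jan 12 04:02:01 host sshd[820]: Failed password for water from 198.51.100.7 port 51200 ssh2
Jan 12 04:02:09 host sshd[820]: Accepted password for water from 198.51.100.7 port 51200 ssh2
Jan 12 04:03:30 host sshd[831]: Failed password for root from 192.0.2.10 port 33000 ssh2
Jan 12 04:03:31 host sshd[831]: Failed password for root from 192.0.2.10 port 33001 ssh2
Jan 12 04:04:00 host sshd[840]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.5 port 40200 ssh2
"""

# The username is supplied by the remote client, so only the address at the very
# end of the line (written by sshd itself) is trusted: greedy ".*" plus the "$"
# anchor makes the capture land on the last "from <ip> port <n>".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

def failed_counts(log_text):
    """Count failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_entries(log_text, threshold=3, allow=()):
    """Return tcp_wrappers lines for addresses at or over the threshold.

    Addresses in `allow` (e.g. the admin's own) are never emitted.
    """
    counts = failed_counts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    for entry in hosts_deny_entries(SAMPLE_LOG, threshold=3):
        print(entry)
```

The crafted username in the last sample line does not push 192.0.2.10 over the threshold; the attempt is charged to the connecting address instead.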



