Re: Cracking attempt dilemma

Author: June Tate
Date:  
To: plug-discuss
Subject: Re: Cracking attempt dilemma
der.hans wrote:
|>
|>On by default? As in "X11Forwarding yes" in /etc/sshd_config?
|>
|>I've found that if you leave it set to no that you can still do X11
|>forwarding if the server has xauth installed and you pass the -X option
|>to ssh. What's the reasoning for turning it on by default? O.o
|
| It does? Hmm, gonna have to try that again. Last I tried, a couple of
| months ago, I needed to turn on X11Forwarding at the server in order to get
| X forwarding over ssh.


My mistake. I must have checked the setting and not reloaded sshd or
something, because now it behaves exactly as you describe. =op

The man pages describing the option, however, are a slight bit
misleading on the topic -- they seem to imply that it can still be
possible to do.

| I think most people deny based on IPs that have been allocated to .cn. I
| want to put in rules like this, so I'll be figuring it out soon, just not
| quite yet :).


I figured a line in hosts.deny to block based on reverse DNS mappings
would be a simple, quick solution, and probably a bit easier than
figuring out whole blocks of IPs allocated to China.

| Putting the rules in hosts.deny is probably good, but I will likely put
| them in the firewall rules. Maybe I'll finally write some 'mess with the
| attackers' rules. You know, things that port forward to random services,
| then either kill all future packets from the offending IP or port forward
| to other services. I guess I really need a daemon that'll pretend to be
| various things. It'd be fun to claim to be an ftp daemon that's insisting
| on some finger protocol and wanting to use ssh keys ;-).


Who's the daemon, you or the software? It's a devilishly fun idea, and
almost makes me want to set up a honeypot with something like that on my
second IP. Maybe it should be called a gremlin instead... >=o)

| If you do hop on the Net make sure to use your own local computer and
| hopefully one-time passwords.


Bringing my own local box to China doesn't sound like a good idea.
Sort of like leading a hen into a den of foxes.

| Oh and carry knoppix :).


Letting Knoppix do the dirty work and take over someone else's computer,
though, sounds much more appealing. >=o)

--
June Tate * http://www.theonelab.com *

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
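
Added example, not part of the original message: a simplified Python model of how a hosts.deny host pattern such as `.cn` (as in `sshd: .cn`) is matched against a client's reverse DNS name, showing which clients such a rule catches and which it misses. The DNS tables, addresses and host names are constructed; UNKNOWN and PARANOID are the wildcards documented in hosts_access(5).

```python
import ipaddress

# Constructed DNS data (documentation address ranges, made-up names).
PTR = {
    "203.0.113.10": "dsl-10.example.cn",     # PTR that maps back to the address
    "203.0.113.20": "host20.example.cn",     # PTR whose A record points elsewhere
    "198.51.100.7": "static-7.example.net",  # PTR outside .cn
    # 192.0.2.99 has no PTR record at all
}
A = {
    "dsl-10.example.cn": ["203.0.113.10"],
    "host20.example.cn": ["203.0.113.77"],
    "static-7.example.net": ["198.51.100.7"],
}

def client_name(ip, ptr=PTR, a=A):
    """Return the name the access check matches host patterns against."""
    ipaddress.ip_address(ip)       # raises ValueError on malformed input
    name = ptr.get(ip)
    if name is None:
        return "unknown"           # no reverse mapping exists
    if ip not in a.get(name, []):
        return "paranoid"          # name does not resolve back to the address
    return name.lower()

def matches(pattern, name):
    """Host pattern match: a leading dot means 'name ends with this suffix'."""
    if pattern == "UNKNOWN":
        return name == "unknown"
    if pattern == "PARANOID":
        return name == "paranoid"
    if pattern.startswith("."):
        return name.endswith(pattern.lower())
    return name == pattern.lower()

def denied(ip, deny_patterns):
    """True if any deny pattern matches the client's resolved name."""
    name = client_name(ip)
    return any(matches(p, name) for p in deny_patterns)

def report(deny_patterns):
    """Evaluate the four constructed clients against a deny list."""
    ips = ["203.0.113.10", "203.0.113.20", "198.51.100.7", "192.0.2.99"]
    return {ip: denied(ip, deny_patterns) for ip in ips}

if __name__ == "__main__":
    for rule in ([".cn"], [".cn", "UNKNOWN", "PARANOID"]):
        print(rule, report(rule))
```

With `.cn` alone, only the client whose PTR record is forward-confirmed is denied; clients with no PTR, a mismatched PTR, or a PTR under another domain are not matched by the suffix rule.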