[Dshield] Interesting information about SSH scans

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Mar 14 17:26:12 GMT 2006


On Mon, 13 Mar 2006 09:15:58 GMT, Rik Kershaw-Moore said:
> I was doing a further trawl of the internet and came across this website:
> 
> http://www.the-art-of-web.com/system/fail2ban/

Look at any such script *very* carefully - I haven't looked closely at this
particular 'fail2ban' script, but I've seen at least one that was *very*
vulnerable to data-injection attacks (basically, by carefully crafting what
userid you tried to login as, you could cause the injection of fairly arbitrary
iptables commands - so adding a '-s 0.0.0.0/0 -j DROP' was quite feasible).

Whoops. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060314/3968c0f4/attachment.bin


More information about the list mailing list