[Dshield] SSH threats

Daniel Cid danielcid at yahoo.com.br
Fri Sep 28 19:28:33 GMT 2007

Hi Tom,

I wouldn't recommend running DenyHosts at all*. It has
a serious vulnerability that hasn't been fixed in


It basically allows anyone to inject any IP (including
the "any" keyword) to your hosts.deny file.

*I know, every tool can have security problems, but it
must be timely patched (especially a tool that is
to improve security).


Daniel B. Cid
dcid ( at ) ossec.net

--- Tom <dshield at oitc.com> wrote:

> DShield,
> You process our and others' firewall logs to detect
> port activity and 
> identify associated IPs and their activities.  We,
> here, also monitor 
> attempted ssh (and other services) logons with
> DenyHost and deny via 
> TCPwrappers.  Would this information also be
> helpful?
> Tom
> -- 
> Tom Shaw - Chief Engineer, OITC
> <tshaw at oitc.com>, http://www.oitc.com/
> US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
> 321-258-2475(cell/voice mail,pager)
> Text Paging:
> http://www.oitc.com/Pager/sendmessage.html
> AIM/iChat: trshaw at mac.com
> Google Talk: trshaw at gmail.com
