[Dshield] SSH threats

Daniel Cid danielcid at yahoo.com.br
Fri Sep 28 19:28:33 GMT 2007


Hi Tom,

I wouldn't recommend running DenyHosts at all*. It has
a serious vulnerability that hasn't been fixed in
months:


http://www.ossec.net/en/attacking-loganalysis.html#denyhosts


It basically allows anyone to inject any IP (including
the "any" keyword) to your hosts.deny file.


*I know, every tool can have security problems, but it
must be timely patched (especially a tool that is meant
to improve security).


Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


--- Tom <dshield at oitc.com> wrote:

> DShield,
> 
> You process our and others' firewall logs to detect port activity and
> identify associated IPs and their activities.  We, here, also monitor
> attempted ssh (and other services) logons with DenyHosts and deny via
> TCPwrappers.  Would this information also be helpful?
> 
> Tom
> -- 
> 
> Tom Shaw - Chief Engineer, OITC
> <tshaw at oitc.com>, http://www.oitc.com/
> US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice mail,pager)
> Text Paging: http://www.oitc.com/Pager/sendmessage.html
> AIM/iChat: trshaw at mac.com
> Google Talk: trshaw at gmail.com
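
The message above warns that arbitrary entries, including wildcard keywords, can end up in hosts.deny. The following is an added example, not part of the original thread and not DenyHosts code: a small audit that flags wildcard client patterns and entries that would block addresses you rely on. The function names, the protected-address list and the sample file contents are constructed for illustration, and only IPv4 patterns are evaluated.

```python
import ipaddress

# Wildcards defined in hosts_access(5); "ANY" is added because the message names it.
WILDCARDS = {"ALL", "LOCAL", "KNOWN", "UNKNOWN", "PARANOID", "ANY"}

def covers(pattern, protected):
    """True if a hosts.deny client pattern matches the protected IPv4 address."""
    if pattern.endswith("."):                    # prefix form, e.g. "192.0.2."
        return str(protected).startswith(pattern)
    try:                                         # single address or net/mask
        return protected in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False                             # hostnames etc. are not evaluated

def audit_hosts_deny(text, protected_ips):
    """Return (line_no, pattern, reason) for every entry that needs review."""
    protected = [ipaddress.ip_address(p) for p in protected_ips]
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or ":" not in line:
            continue                             # comment or not a rule
        clients = line.split(":")[1]             # daemon_list : client_list [: cmd]
        for pat in clients.replace(",", " ").split():
            if pat.upper() == "EXCEPT":          # exceptions are not deny patterns
                break
            if pat.upper() in WILDCARDS:
                findings.append((no, pat, "wildcard"))
            for ip in protected:
                if covers(pat, ip):
                    findings.append((no, pat, f"blocks protected {ip}"))
    return findings

# Constructed sample hosts.deny content (documentation address ranges).
SAMPLE = """\
# DenyHosts: constructed sample
sshd: 203.0.113.7
sshd: ALL
sshd: 192.0.2.10
ALL: 198.51.100.0/255.255.255.0
"""

if __name__ == "__main__":
    for finding in audit_hosts_deny(SAMPLE, ["192.0.2.10", "198.51.100.25"]):
        print(finding)
```

Running such a check from cron, or before an automated blocker's changes take effect, gives early notice when an entry would lock out an administrative address.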