Re: [Fwd: [Exploits] SSH Remote Root password Cracking Tool, Qt 3.x bmp Exploit ...]

Thu, 26 Aug 2004 02:22:04 -0500 

On Thu, 26 Aug 2004 01:55:55 +0200
Mezig <[EMAIL PROTECTED]> wrote:

> Nicolas Rueff wrote:
> 
> >On Wed, 25 Aug 2004 17:35:36 +0200
> >Mezig <[EMAIL PROTECTED]> wrote:
> >
> >  
> >
> >>1 id�e et sinon, je vous joint 1 info de chez K-Otik sur QT et surtout 
> >>SSH :( !
> >>    
> >>
> >
> >Ce qui explique pourquoi j'ai des tentatives de connexion sauvage sur ma
> >passerelle depuis quelques jours:
> >
> >Aug 24 17:57:13 firewall sshd[7654]: Failed password for test from 
> >::ffff:67.18.247.2 port 44207 ssh2
> >Aug 24 17:57:15 firewall sshd[7656]: Failed password for guest from 
> >::ffff:67.18.247.2 port 49327 ssh2
> >Aug 24 17:57:18 firewall sshd[7659]: Failed password for admin from 
> >::ffff:67.18.247.2 port 39591 ssh2
> >Aug 24 17:57:20 firewall sshd[7661]: Failed password for admin from 
> >::ffff:67.18.247.2 port 56204 ssh2
> >Aug 24 17:57:22 firewall sshd[7664]: Failed password for illegal user user 
> >from ::ffff:67.18.247.2 port 33377 ssh2
> >Aug 24 17:57:25 firewall sshd[7666]: Failed password for root from 
> >::ffff:67.18.247.2 port 60536 ssh2
> >Aug 24 17:57:27 firewall sshd[7669]: Failed password for root from 
> >::ffff:67.18.247.2 port 41287 ssh2
> >Aug 24 17:57:29 firewall sshd[7671]: Failed password for root from 
> >::ffff:67.18.247.2 port 54616 ssh2
> >Aug 24 17:57:32 firewall sshd[7674]: Failed password for test from 
> >::ffff:67.18.247.2 port 60438 ssh2
> >
> >Lol ;)
> >  
> >
> C 1 'avertissement' technique, mais ext�rieur � la communaut� linux :(! 
> Par contre le PB peut devenir critique sous peu... , vu la quantit� de 
> serveurs sous des OS Libre... :( !
> 
> Sinon , d'apr�s spam-RBL, Adresse IP : 
> 
> 67.18.247.2 .... Cette IP n'est pas recens�e dans notre base ... :)!

bash-2.05b$ host 67.18.247.2
2.247.18.67.in-addr.arpa domain name pointer admin.sh3ll.ro.

> Tu n'as d�j� pas affaire � 1 spammeur... ; mais de l� � te rassurer ... ?

Pas de soucis pour moi: authentification via cl�s priv�es / publiques ;)

> Et sinon avec les options
> 
>  -B, --bogus-nxdomain=<ipaddr>
>               Transform  replies which contain the IP address given into 
> "No such domain" replies. This is intended to counteract a devious move 
> made by Versign
>               in September 2003 when they started returning the address 
> of an advertising web page in response to queries for unregistered 
> names, instead of the
>               correct  NXDOMAIN  response.  This  option  tells dnsmasq 
> to fake the correct response when it sees this behaviour. As at Sept 
> 2003 the IP address
>               being returnd by Verisign is 64.94.110.11
> 
>  -f, --filterwin2k
>               Later versions of windows make periodic DNS requests which 
> don't get sensible answers from the public DNS and can  cause  problems  
> by  triggering
>               dial-on-demand  links.  This  flag turns on an option to 
> filter such requests. The requests blocked are for records of types SOA 
> and SRV, and type
>               ANY where the requested name has underscores, to catch 
> LDAP requests.
> 
> .... de dnsmask, il n'y a pas moyen de faire qque chose.... ?

C'est � dire ? Je ne comprends pas ce que tu veux dire.

> Note que vu mon niveau, c'est pas � toi que je risque 'd'apprendre' 
> grand-chose ..., �a serai +t�t le contraire :( !
> 
> Super ta page, j'y ai lu plein de sujets qui m'int�ressent... :) !

Yep, mais faudrait que je songe � la faire �voluer un poil (derni�re mise �
jour en mars dernier).

> Ajoute peut-�tre qque chose sur ssh et surtout les commandes 'avanc�es', 
> si tu peux... :) ?

Honn�tement: pas le temps et surtout pas le net chez moi, ce qui complique
un chouia la mise � jour des trucs.

-- 
      Nicolas Rueff � Montb�liard � France � http://rueff.homelinux.org
 (^>        [EMAIL PROTECTED] � GPG 0xDD44DAB4
 /v\           Jabber [EMAIL PROTECTED] � ICQ 97700474
<__/  � We are Penguin. Resistance is futile. You will be assimilated. �

Répondre à