undefined | Better HN

ChuckMcM9y ago· 2 in thread

I did a killclient which would send back a malformed packet to any ssh handshake and kill the connecting client. This made the pentesters mad. Sending them spoilers will just make the sad, and not so mad.

pbhjpbhj9y ago

Is that a feature or was that a hack. Did the same packet kill multiple clients? More info?

ChuckMcM9y ago

It was a hack, I was getting a nice regular supply of probes from Brazillian addresses, connect to port 22, try 5 different passwords on several different ids ad naseum. So I hacked the openssh server to start mutating the response packets. (very trivial genetic programming where the 'fitness' function value was time to respond between calls, longer = better) That went on for a while until the mutated response was somewhere around 10K bytes and then the call would just stop. A couple of weeks after that I got DDOS'd from a Brazilian botnet. Fail2ban cleaned that up but in practical terms it was easier to just use fail2ban on all of that.

1 more reply

userbinator9y ago· 1 in thread

Somewhat tangentially related: a long time ago, certain scanning tools would crash or otherwise not react well to getting a stream of /dev/urandom. You could consider this the more human version.

mattstreet9y ago

And then someone uses you in an DoS amplification attack instead of going after you directly.

sillysaurus39y ago

It will make your pentesters sad. We like movies.

laser9y ago

No, just good humor :)

snorkel9y ago

Nope. Good fun but not good security. Better to just refuse the connection.

fweespeech9y ago

It depends if you want to annoy human pentesters to give you the finger.

Also, no.

0 comments

0 comments