undefined | Better HN

0 pointsChuckMcM9y ago0 comments

It was a hack, I was getting a nice regular supply of probes from Brazillian addresses, connect to port 22, try 5 different passwords on several different ids ad naseum. So I hacked the openssh server to start mutating the response packets. (very trivial genetic programming where the 'fitness' function value was time to respond between calls, longer = better) That went on for a while until the mutated response was somewhere around 10K bytes and then the call would just stop. A couple of weeks after that I got DDOS'd from a Brazilian botnet. Fail2ban cleaned that up but in practical terms it was easier to just use fail2ban on all of that.

0 comments

2 comments · 1 top-level

Crespyl9y ago· 1 in thread

That sounds extremely interesting, do you have a write up or source code somewhere?

I'd be interested to hear about more applications of adaptive/genetic code to network security.

ChuckMcMOP9y ago

I think it sounds more complicated than it is, think of it as response fuzzing. It is exactly like trying to find vulnerabilities in servers by sending them fuzzed packets except in this case you're trying to find vulnerabilities in clients by returning a fuzzed packet.

j / k navigate · click thread line to collapse