Re: ssh-rbl's Re: intrusion via ssh
hi ya michelle
On Fri, 1 Apr 2005, Michelle Konzack wrote:
> Am 2005-04-01 02:22:32, schrieb Alvin Oga:
>
> > i still think an rbl-like db for "script kiddie" ip# is a good thing
> > to have esp if it's tcpwrapper based since it can already do the
> > checking for us .. vs modifying the apps itself ( too many of um )
>
> A <rbl-sk> will be nice... and I think, we should create one.
> I think, we are enough here, to maintain such project.
i'm game ... maybe this "development" stuff can go offline ??

i'd like to see something like:

    /etc/hosts.allow
    sshd: spawn ( ssh-rbl.pl %u %c )

ssh-rbl.pl returns "Allow or not" sorta thing for the given
incoming host ( %u )

- fix the pseudo code as needed to give the proper result to
  tcp-wrappers

- should be simple but i think it's 10x more complicated
  as we dig into the details

- the standard hosts.deny reply would have been, that we'd change to
  rbl style script kiddie lookups queries above

ALL : ALL: spawn ( \
echo -e "\n\
TCP Wrappers\: Connection Refused\n\
By\: $(uname -n)\n\
Process\: %d (pid %p)\n\
User\: %u\n\
Host\: %c\n\
Date\: $(date)\n\
" | /bin/mail -s "From tcpd@$(uname -n). %u@%h -> %d." root)
c y
alvin
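
Added example (not part of the original mail, and not an existing ssh-rbl.pl): one way the lookup helper proposed above could reach its allow/deny answer, assuming the list is published DNSBL-style and the helper is handed the client's IPv4 address. The zone ssh-rbl.example.org, the function names, the exit codes and the stub resolver are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: hypothetical lookup helper. Zone name, function names and
# exit codes are assumptions, not taken from the mail.
RBL_ZONE="${RBL_ZONE:-ssh-rbl.example.org}"   # placeholder zone

# Print the DNSBL-style query name (reversed octets + zone) for an IPv4
# address. The argument is client-influenced, so anything that is not a
# strict dotted quad is rejected before it gets near a resolver.
rbl_query_name() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$RBL_ZONE"
}

# Default resolver: prints "address name" if the name exists in DNS.
rbl_resolve() { getent hosts "$1"; }

# Constructed stand-in for DNS so the logic runs offline: lists only
# 192.0.2.66 (documentation address range).
rbl_stub_resolver() {
    [ "$1" = "66.2.0.192.$RBL_ZONE" ] && echo "127.0.0.2 $1"
}

# Exit status: 0 = not listed, 1 = listed, 2 = not a valid IPv4 address.
# A failed or empty lookup counts as "not listed" (fails open), so a DNS
# outage does not lock everyone out of sshd.
rbl_check() {
    name=$(rbl_query_name "$1") || return 2
    answer=$("${RBL_RESOLVER:-rbl_resolve}" "$name" 2>/dev/null) || return 0
    case "$answer" in
        127.*) return 1 ;;         # DNSBL convention: 127.0.0.x means listed
        *)     return 0 ;;
    esac
}
```

Setting RBL_RESOLVER=rbl_stub_resolver exercises the decision logic without DNS; how the exit status is fed back to tcp-wrappers is the part the mail leaves open.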