New Redirect requests from that IP to goatse.cx.
New It's ssh, he wouldn't see anything
I'm more interested in finding out if he got through and did anything.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New I'm assuming you are running tcp wrappers
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 50 years. meep
New Good question
This box was out-of-commission for over a year. I haven't spent much time re-familiarizing myself with what's on it. So what is/are tcp wrappers, what's it for, and how do I check if I've got it?
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New tcp wrappers
[link|http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tcpwrappers.html|http://www.redhat.co...-tcpwrappers.html] redhat description
basically it is an ACL based on ip inbound packets

tcp_allow
drewk's work site
folkert to fix things

tcp_deny
anyone else

if the packet is on the allowed list then the inbound service is called, in this case sshd to service ssh requests.
thanx,
bill
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 50 years. meep
New Debian by default uses tcp_wrappers.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New And to check/configure it?
I can't find a conf file anywhere with 'wrap' in the name.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Well, lesse
How about /etc/hosts.deny and /etc/hosts.allow.

I keep telling you to ignore them. If you want to use tcp wrappers, still, look for other options; they'll be better in the long run... though tcp_wrappers adds yet another layer of control, it might be too much for you to handle.

Knight is proof of at least 500K SSHD connects like that.

If you really want to do something about it or don't want to be bothered by the log entries, change logging levels on SSHD and PAM...

Or do something smart like looking at using KNOCKD.
[greg@king:~]$ apt-cache show knockd
Package: knockd
Priority: optional
Section: net
Installed-Size: 168
Maintainer: Leo Costela <costela@debian.org>
Architecture: i386
Version: 0.5-1
Depends: libc6 (>= 2.3.2.ds1-21), libpcap0.8, logrotate
Filename: pool/main/k/knockd/knockd_0.5-1_i386.deb
Size: 25382
MD5sum: 45cf0ccba2f9130656b2b91bdeed6c53
Description: small port-knock daemon
 A port-knock server that listens to all traffic on a given network
 interface (only Ethernet and PPP are currently supported), looking for
 a special "knock" sequences of port-hits. A remote system
 makes these port-hits by sending a TCP (or UDP) packet to a port on the
 server. When the server detects a specific sequence of port-hits, it
 runs a command defined in its configuration file. This can be used to
 open up holes in a firewall for quick access.
 .
 URL: http://www.zeroflux.org/knock/
Tag: interface::daemon, protocol::ethernet, role::sw:server
There are other apps that do similar. Including opening certain ports for services for a short time to allow whatever service and then closing.



FYI Fecking Comcast is sending out a technician to my house to fix my cable modem. Last time they were here, they found that nothing was wrong, in fact they found less than 1db signal loss from the lines on the pole to the cable modem itself. AND, they tested from the Lines on the pole to the DOCSIS router and it had WONDERFUL signal strength, almost "too much". But for DOCSIS, ain't no such thing.

I have noticed they finally are getting around to enforcing authorized/not-authorized firmware on cable modems. Updating automagically with a Certificate signature from the Cable Modem Manufacturer. This is causing lots of issues. Framing Errors, Sync problems, Timing problems, TFTP and DHCP problems, among other things.

I am betting that the tech won't find a damn thing wrong with my stuff YET AGAIN!
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New knockd sounds like that old shark skit on snl
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 50 years. meep
New Okay okay, I get the point
I just feel like the kid in the back seat of the car complaining about his brother, "Stop touching me! Mom, he's touching me!"
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New 'Twas a joke. :(
Seriously, though, just firewall him off, or redirect him to a honeypot, or something. See if you can find an upstream provider, and report him.
When somebody asks you to trade your freedoms for security, it isn't your security they're talking about.
New Besides, wasn't goatse.cx finally pulled down?
New You'll have to do better than that to get me to check it
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New :-)
I'm taking vacation today...

[link|http://en.wikipedia.org/wiki/Goatse.cx|Wikipedia]:

As of January 14, 2004, the domain goatse.cx is no longer online. However, many mirrors of the site are still available and the image itself has been posted at many other websites.


HTH!

Cheers,
Scott.
New Ooh, Wikipedia ... that's authoritative
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New The final word. 27 kB .img
[image|http://bighappyfaces.com/happy-face_happyface_smiley_800x800.gif|0|Big Happy Face|800|800]


Had you worried, didn't I?

[link|http://www.kuro5hin.org/story/2004/1/16/03540/4020|Kuro5hin] story on goatse.cx's demise.

HAND!

Cheers,
Scott.
New Hit the stop button JUST in the nick of time. Pshew!
     Somebody's been trying to crack me - (drewk) - (18)
         Redirect requests from that IP to goatse.cx. -NT - (inthane-chan) - (16)
             It's ssh, he wouldn't see anything - (drewk) - (15)
                 I'm assuming you are running tcp wrappers -NT - (boxley) - (7)
                     Good question - (drewk) - (6)
                         tcp wrappers - (boxley)
                         Debian by default uses tcp_wrappers. -NT - (folkert) - (4)
                             And to check/configure it? - (drewk) - (3)
                                 Well, lesse - (folkert) - (2)
                                     knockd sounds like that old shark skit on snl -NT - (boxley)
                                     Okay okay, I get the point - (drewk)
                 'Twas a joke. :( - (inthane-chan) - (6)
                     Besides, wasn't goatse.cx finally pulled down? -NT - (Another Scott) - (5)
                         You'll have to do better than that to get me to check it -NT - (drewk) - (4)
                             :-) - (Another Scott) - (3)
                                 Ooh, Wikipedia ... that's authoritative -NT - (drewk) - (2)
                                     The final word. 27 kB .img - (Another Scott) - (1)
                                         Hit the stop button JUST in the nick of time. Pshew! -NT - (inthane-chan)
         Never you mind those... - (folkert)
