F'ing with SSH Goons

[NSweaney at tulsacash.com (Nathan Sweaney)]

Good point.  In that case you wouldn't have to do anything malicious.  A
few minutes on a command line could probably tell you whether the
computer owner was a bad guy or not.  If so, send him a message to let
him know that his machine's a bot.  Might not be legal, but technically
he did connect to you & downloaded your file.  And you could always
disable his NIC for him after the message is in place so that he's sure
to see it (assuming it's not a machine that is critical for life-support
or something crazy).
 
The other side is that even if it was a compromised machine, if you make
the exploit look enticing enough the bot-controller might pull it back
to his own machine.  Who wouldn't want a botnet for Christmas?
 
 
________________________________

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Strzelec,
Wally
Sent: Tuesday, December 09, 2008 12:32 PM
To: Pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] F'ing with SSH Goons



I suspect that the hosts that you would be F'ing with are simply
compromised machines.  Since the administrators don't know that they
have been compromised, it is also unlikely that they will notice any
retaliation.

 

http://denyhosts.sourceforge.net/

 

Work for me.



-Wally

 

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Dimitrios
Kapsalis
Sent: Tuesday, December 09, 2008 12:03 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] F'ing with SSH Goons

 

hehe some war games

2008/12/9 Nathan Sweaney <NSweaney at tulsacash.com>

setup a VM and name it something like NORAD-CENTRAL.  Have the intro
message explain that this is a back up server for NORAD Central Command
and that only authorized individuals are allowed access.  Spend some
time & make it look really good.  Then create some really tempting PDF
files that are preconfigured metasploit exploits... you can probably
figure it out from there.   

 

________________________________

From: pauldotcom-bounces at mail.pauldotcom.com on behalf of Karl Schuttler
Sent: Mon 12/8/2008 10:11 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] F'ing with SSH Goons

You could always figure out a way just to have ascii starwars play for
them.

On Mon, Dec 8, 2008 at 9:49 PM, adese <adese0 at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hej all
>
>
>
> So for fun yesterday I put ssh back on port 22 from my usual obscure
> port. Within 5hrs I had someone dictionary attacking my box from the
UK
> (surprise surprise it wasn't China).
>
> Now I'm all about defense and generally not into inviting trouble,
> however, I was wondering if there is anything fun you can do with
those
> types.
>
> I was thinking of creating a common user name with a blank passwd and
> then sending a tty message to them after they went interactive,
because
> honestly it would make me smile a lot just to see them logoff in
fright
> after seeing me see them.
>
> That is fun and all but does any one know of other fun stuff for
> screwing with these jokers?
>
>
>
>
> all the best



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081209/4c5ab5b6/attachment.htm