PaulDotCom mailing list archives
F'ing with SSH Goons
From: NSweaney at tulsacash.com (Nathan Sweaney)
Date: Tue, 9 Dec 2008 12:53:43 -0600
Good point. In that case you wouldn't have to do anything malicious. A few minutes on a command line could probably tell you whether the computer owner was a bad guy or not. If so, send him a message to let him know that his machine's a bot. Might not be legal, but technically he did connect to you & downloaded your file. And you could always disable his NIC for him after the message is in place so that he's sure to see it (assuming it's not a machine that is critical for life-support or something crazy). The other side is that even if it was a compromised machine, if you make the exploit look enticing enough the bot-controller might pull it back to his own machine. Who wouldn't want a botnet for Christmas? ________________________________ From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Strzelec, Wally Sent: Tuesday, December 09, 2008 12:32 PM To: Pauldotcom at mail.pauldotcom.com Subject: Re: [Pauldotcom] F'ing with SSH Goons I suspect that the hosts that you would be F'ing with are simply compromised machines. Since the administrators don't know that they have been compromised, it is also unlikely that they will notice any retaliation. http://denyhosts.sourceforge.net/ Work for me. -Wally From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Dimitrios Kapsalis Sent: Tuesday, December 09, 2008 12:03 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] F'ing with SSH Goons hehe some war games 2008/12/9 Nathan Sweaney <NSweaney at tulsacash.com> setup a VM and name it something like NORAD-CENTRAL. Have the intro message explain that this is a back up server for NORAD Central Command and that only authorized individuals are allowed access. Spend some time & make it look really good. Then create some really tempting PDF files that are preconfigured metasploit exploits... you can probably figure it out from there. ________________________________ From: pauldotcom-bounces at mail.pauldotcom.com on behalf of Karl Schuttler Sent: Mon 12/8/2008 10:11 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] F'ing with SSH Goons You could always figure out a way just to have ascii starwars play for them. On Mon, Dec 8, 2008 at 9:49 PM, adese <adese0 at gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hej all So for fun yesterday I put ssh back on port 22 from my usual obscure port. Within 5hrs I had someone dictionary attacking my box from the
UK
(surprise surprise it wasn't China). Now I'm all about defense and generally not into inviting trouble, however, I was wondering if there is anything fun you can do with
those
types. I was thinking of creating a common user name with a blank passwd and then sending a tty message to them after they went interactive,
because
honestly it would make me smile a lot just to see them logoff in
fright
after seeing me see them. That is fun and all but does any one know of other fun stuff for screwing with these jokers? all the best
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081209/4c5ab5b6/attachment.htm
Current thread:
- F'ing with SSH Goons adese (Dec 08)
- F'ing with SSH Goons Karl Schuttler (Dec 08)
- F'ing with SSH Goons Aaron Moss (Dec 08)
- Message not available
- F'ing with SSH Goons Nathan Sweaney (Dec 09)
- F'ing with SSH Goons Dimitrios Kapsalis (Dec 09)
- F'ing with SSH Goons Strzelec, Wally (Dec 09)
- F'ing with SSH Goons Tim Krabec (Dec 09)
- F'ing with SSH Goons Nathan Sweaney (Dec 09)
- F'ing with SSH Goons Karl Schuttler (Dec 08)
- F'ing with SSH Goons Aaron Moss (Dec 09)
- F'ing with SSH Goons Mad Marv (Dec 09)
- F'ing with SSH Goons Joshua Wright (Dec 09)
- F'ing with SSH Goons iamnowonmai (Dec 09)
- F'ing with SSH Goons Nils (Dec 10)
- F'ing with SSH Goons Jim Halfpenny (Dec 12)
- F'ing with SSH Goons iamnowonmai (Dec 12)