LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-30-2014, 03:51 PM   #61
Cesare
Member
 
Registered: Jun 2010
Posts: 65

Rep: Reputation: 113Reputation: 113

A command like this:
Code:
ssh -l "hokus pokus 0.0.0.0/0" myhost.com
will result in a log entry like this:
Code:
Jun 30 22:06:12 myhost sshd[10140]: Invalid user hokus pokus 0.0.0.0/0 from 192.168.23.42
When awk then reads column #5 it gets 0.0.0.0/0 instead of the actual IP and the resulting iptables rule will drop all traffic from every IP.

The iplist seems to be permanent, so if this happens on a remote system where ssh is your only means of access, if the cron job runs frequently enough you're very likely completely locked out.

Don't let this discourage you from developing your own implementation of the "fail2ban" idea. But be very, very careful when handling any sort of user provided input (see xkcd).
 
Old 06-30-2014, 05:13 PM   #62
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by Cesare View Post
A command like this:
Code:
ssh -l "hokus pokus 0.0.0.0/0" myhost.com
will result in a log entry like this:
Code:
Jun 30 22:06:12 myhost sshd[10140]: Invalid user hokus pokus 0.0.0.0/0 from 192.168.23.42
When awk then reads column #5 it gets 0.0.0.0/0 instead of the actual IP and the resulting iptables rule will drop all traffic from every IP.

The iplist seems to be permanent, so if this happens on a remote system where ssh is your only means of access, if the cron job runs frequently enough you're very likely completely locked out.

Don't let this discourage you from developing your own implementation of the "fail2ban" idea. But be very, very careful when handling any sort of user provided input (see xkcd).
Well that's ingenious except for you must know the script to come up with that trick. What if I change '{ print $5 }' for '{ print $NF }'? This is the principal advantage of using your own scripts instead of a public source like falibar of funny2bar or whatever you're selling me.

Jokes doesn't offend me but the next time put "for fun" by title, please, so we laugh together.
 
Old 07-03-2014, 03:30 PM   #63
ttk
Senior Member
 
Registered: May 2012
Location: Sebastopol, CA
Distribution: Slackware64
Posts: 1,038
Blog Entries: 27

Rep: Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484
There are folks who find and exploit such vulnerabilities for fun. They are mostly the same people who fiddle with SQL injection attacks. They're accustomed to not knowing how the back-end script is written, but have learned what common mistakes many developers make when coming up with their own ad hoc security solutions.

At a NBLUG meeting last year, I watched a demonstration illustrating some ways you could get a commodity home DSL modem to run arbitrary shell commands via form content injection tricks on its web-GUI administrative interface. It was obvious that the guy really relished his craft.

I don't know how many folks like him are out there, or if any of them might decide to poke at your server's security, but would you want to take that risk?
 
Old 07-08-2014, 12:30 PM   #64
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
And you avoid the risk of learning yourself how to secure your system downloading some software that someone in some forum told you is good and installing it.
 
Old 07-09-2014, 12:03 AM   #65
ttk
Senior Member
 
Registered: May 2012
Location: Sebastopol, CA
Distribution: Slackware64
Posts: 1,038
Blog Entries: 27

Rep: Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484Reputation: 1484
Quote:
Originally Posted by eloi View Post
And you avoid the risk of learning yourself how to secure your system downloading some software that someone in some forum told you is good and installing it.
Not at all. It's good to learn skills. Everyone starts as a beginner. But as a beginner, you are better off working on a team of more-experienced developers and administrators who can point out mistakes as you make them, and teach you best practices.

You can learn by filling your internet-facing server with amateurish solutions and watching it burn, but it's not the best idea.
 
  


Reply

Tags
email, internet, slackware, www


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ubuntu server works on LAN but can not get to the internet or the internet to it. techyjpt Linux - Networking 20 05-08-2012 02:41 PM
[SOLVED] Sharing internet connection(wireless server internet, wired network client) vladimir1986 Linux - Networking 4 07-25-2011 10:34 AM
internet server that use a prepaid account to access the internet elgieb1 Linux - General 0 02-19-2007 11:59 PM
Slackware 10.2 Problems: Display Server/SAMBA/Lisa/Finding the internet Steven_Shelton Slackware 7 11-22-2005 01:13 AM
Unable to access my ssh server and ftp server from the Internet, but smtp works foxone Linux - Networking 1 05-28-2004 05:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration