|
From: Jos C. <ssh...@cl...> - 2016-06-03 08:04:19
|
Just saw that this one slipped through SSHGuard:

Jun 2 01:11:35 ceto postfix/smtpd[43199]: warning: hostname 178.217.186.124-host.valuehosted.com does not resolve to address 178.217.186.124: hostname nor servname provided, or not known

Can you provide a link with which I can upload this text string on your website instead of in this mailing list? Thanks!

Best regards,
Jos Chrispijn |
|
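The Postfix warning quoted in the first message can be matched and counted per address as follows. This is an added example, not part of the thread and not SSHGuard's own parser; the threshold, window, `allow` list and every sample line after the first are assumptions constructed for illustration. The warning only says the client's reverse-DNS name did not resolve back to its address, which misconfigured legitimate hosts also produce, so the sketch flags repeats rather than a single line.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix smtpd warning: the client's PTR name does not resolve back to its address.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"warning: hostname \S+ does not resolve to address "
    r"(?P<addr>[0-9A-Fa-f:.]+)(?::\s.*)?$"
)
TAIL = ": hostname nor servname provided, or not known"
# First line is the one from the post; the rest are constructed sample data.
SAMPLE = [
    "Jun  2 01:11:35 ceto postfix/smtpd[43199]: warning: hostname "
    "178.217.186.124-host.valuehosted.com does not resolve to address 178.217.186.124" + TAIL,
    "Jun  2 01:12:00 ceto postfix/smtpd[43200]: connect from unknown[203.0.113.7]",
    "Jun  2 01:12:01 ceto postfix/smtpd[43200]: warning: hostname mail.example.net "
    "does not resolve to address 203.0.113.7" + TAIL,
    "Jun  2 01:13:10 ceto postfix/smtpd[43207]: warning: hostname mail.example.net "
    "does not resolve to address 203.0.113.7" + TAIL,
    "Jun  2 01:14:20 ceto postfix/smtpd[43215]: warning: hostname mail.example.net "
    "does not resolve to address 203.0.113.7" + TAIL,
]

def parse(line, year=2016):
    """Return (timestamp, address) for a matching warning, else None."""
    m = PATTERN.match(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))  # reject malformed addresses
    except ValueError:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, str(addr)

def offenders(lines, threshold=3, window=300, allow=()):
    """Addresses with at least `threshold` warnings inside `window` seconds."""
    recent, flagged = defaultdict(deque), []
    for line in lines:
        hit = parse(line)
        if hit is None or hit[1] in allow:
            continue
        ts, addr = hit
        q = recent[addr]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold and addr not in flagged:
            flagged.append(addr)
    return flagged
```
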
From: <li...@la...> - 2016-06-03 12:43:29
|
I've yet to trigger sshguard with postfix, so I appreciate this post. It will help me make a pentest, such as it is. A real pentest would trigger everything known about sshguard detection and in theory unknown attacks. I've thrown a lot of random text at postfix and because of the limited "vocabulary" of MTA, it all gets rejected by postfix.

From: Jos Chrispijn
Sent: Friday, June 3, 2016 4:04 AM
To: ssh...@li...; ssh...@li...
Subject: [SSHGuard-users] Stow away

Just saw that this one slipped through SSHGuard:

Jun 2 01:11:35 ceto postfix/smtpd[43199]: warning: hostname 178.217.186.124-host.valuehosted.com does not resolve to address 178.217.186.124: hostname nor servname provided, or not known

Can you provide a link with which I can upload this text string on your website instead of in this mailing list? Thanks!

Best regards,
Jos Chrispijn
|
|
From: Carmel <car...@ou...> - 2016-06-03 13:04:13
|
On Fri, 03 Jun 2016 08:43:20 -0400 li...@la... wrote:

> I've yet to trigger sshguard with postfix, so I appreciate this post.
> It will help me make a pentest, such as it is. A real pentest would
> trigger everything known about sshguard detection and in theory
> unknown attacks. I've thrown a lot of random text at postfix and
> because of the limited "vocabulary" of MTA, it all gets rejected by
> postfix.

I use Postfix and on an average, sshguard is triggered twice a day and sometimes more. I use sshguard in conjunction with IPFW so my setup may be different from yours. It would really help if you posted your "postfix -n" output plus a few examples of log entries that you believe should be triggering a response.

--
Carmel |
|
From: <li...@la...> - 2016-06-04 13:38:51
|
I'm using IPFW as well. I haven't seen anything in my maillog that should be triggering sshguard. I just want to test it.

Original Message
From: Carmel
Sent: Friday, June 3, 2016 9:04 AM
To: ssh...@li...
Subject: Re: [SSHGuard-users] Stow away

On Fri, 03 Jun 2016 08:43:20 -0400 li...@la... wrote:

> I've yet to trigger sshguard with postfix, so I appreciate this post.
> It will help me make a pentest, such as it is. A real pentest would
> trigger everything known about sshguard detection and in theory
> unknown attacks. I've thrown a lot of random text at postfix and
> because of the limited "vocabulary" of MTA, it all gets rejected by
> postfix.

I use Postfix and on an average, sshguard is triggered twice a day and sometimes more. I use sshguard in conjunction with IPFW so my setup may be different from yours. It would really help if you posted your "postfix -n" output plus a few examples of log entries that you believe should be triggering a response.

--
Carmel

_______________________________________________
sshguard-users mailing list
ssh...@li...
https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Kevin Z. <kev...@gm...> - 2016-06-03 15:31:12
|
On 06/03/16 01:04, Jos Chrispijn wrote:

> Just saw that this one slipped through SSHGuard:
>
> Jun 2 01:11:35 ceto postfix/smtpd[43199]: warning: hostname 178.217.186.124-host.valuehosted.com does not resolve to address 178.217.186.124: hostname nor servname provided, or not known
>
> Can you provide a link with which I can upload this text string on your website instead of in this mailing list? Thanks!

The issue tracker on Bitbucket is a good place:

https://bitbucket.org/sshguard/sshguard/issues?status=new&status=open

The list is fine, too, except I've been a bit busy lately and haven't been processing bug reports or list posts. Sorry.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Jos C. <ssh...@cl...> - 2016-06-03 16:14:08
|
In a message of 3-6-2016 17:31:

> On 06/03/16 01:04, Jos Chrispijn wrote:
> The issue tracker on Bitbucket is a good place:
>
> https://bitbucket.org/sshguard/sshguard/issues?status=new&status=open
>

Thanks, I will use that and post my Postfix information as well there then.

./Jos |
|
From: <li...@la...> - 2016-06-04 13:36:58
|
So does this mean I would have to IP spoof to test this feature of sshguard?

Original Message
From: Kevin Zheng
Sent: Friday, June 3, 2016 11:31 AM
To: ssh...@li...
Subject: Re: [SSHGuard-users] Stow away

On 06/03/16 01:04, Jos Chrispijn wrote:

> Just saw that this one slipped through SSHGuard:
>
> Jun 2 01:11:35 ceto postfix/smtpd[43199]: warning: hostname 178.217.186.124-host.valuehosted.com does not resolve to address 178.217.186.124: hostname nor servname provided, or not known
>
> Can you provide a link with which I can upload this text string on your website instead of in this mailing list? Thanks!

The issue tracker on Bitbucket is a good place:

https://bitbucket.org/sshguard/sshguard/issues?status=new&status=open

The list is fine, too, except I've been a bit busy lately and haven't been processing bug reports or list posts. Sorry.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |