Hi,
I was trying to improve on my banhosts utility and while searching for possible features I found this page:
http://tdot.blog-city.com/securing_ssh_with_denyhosts.htm
Spawning of deny hosts from hosts.deny is interesting. So I was trying to experiment and spawned the "sleep 20" command. By accident I forgot to remove it, and later, checking my logs, I found that no break-in attempts were made. I had several port scanning attempts but no break-in attempts after.
Having this command in the tcp wrappers file delays the prompt by 20 seconds, and I guess automated scripts time out before getting the prompt. I think I will leave this command in my file just to see how many attempts I would get.
This solution may not be appropriate for hosts with a high number of ssh users, but for http/ftp/game servers it will make password guessing very time consuming.
Any opinions?
Thanks,
Alex
Interesting security discovery.
2006-09-13 08:07:11
On Tue, 12 Sep 2006, Alex Pelts wrote:
> Any opinions?
This doesn't seem to be specific to the Cobalt port, and may be better posted to tech-security@NetBSD.org for proper focus & feedback.
- Hubert