[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: h4x0rs

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: h4x0rs
From: Thorsten Glaser <tg_(_at_)_66h_(_dot_)_42h_(_dot_)_de>
Date: Wed, 1 Dec 2004 11:52:03 +0000

Joakim Aronius dixit:

>Yep, you are right. I checked my script for doing the sshblock and i
>use a regexp to get the ip. The attacker could of course enter an ip
>address as a user name which i didn't think of before. Proves again
>that one can never be too paranoid.. :) /jkm

(Please wrap your lines correctly.)

tg_(_at_)_odem:/home/tg $ x='Dec  1 06:30:18 odem sshd[4420]: Accepted password \
for tg from 2001:6f8:1315:caffe:feed:5150:cafe:babe port 17217 ssh2'
tg_(_at_)_odem:/home/tg $ x=${x%@(port )+([0-9])@( )+([0-9a-z])}     
tg_(_at_)_odem:/home/tg $ print ${x##*from@( )}                  
2001:6f8:1315:caffe:feed:5150:cafe:babe

ksh > cut > regexps > perl ;-)
(Sorry Marc, no offense. All IMHO.)

bye,
//mirabile

Prev by Date: packet loss when carp box reboots
Next by Date: Re: your scponly port to openbsd
Previous by thread: packet loss when carp box reboots
Next by thread: Re: your scponly port to openbsd
Index(es):
- Date
- Thread

Visit your host, monkey.org