
Re: [cobalt-security] booting password crackers...



I think hosts.deny will work, but it is not efficient, because after a redial
on their ISP they will get a new IP. Otherwise you will deny all users using this ISP.

I'm using the "nerve them up" method in those cases ;)
Use httpd.conf to give out a "fake .htaccess" using a CGI. The same CGI
can check the pass and send a dummy page. So the bruteforcer will
report after each try that the pass was found --> this cracker isn't useful any
more now.
Combined with some WarScripts in JavaScript, those crackers will have a lot of
fun ;)

When someone uses the right login:pass combination at that CGI, redirect
them to the new path where the real .htaccess file is.

You can also generate an unshadowed passwd file and store it on anonymous
FTP in /etc with some other files (freely composed ;) ). For the passwords in
that passwd file use some passwords like: do you think im so stupid

When they have checked that their cracker is no longer useful, maybe they
think they can brute the passwd file from that anonymous FTP <hehe>.

Just have fun with them; they will give up when these subjects check out
that you're playing with them.

You can also use a CGI instead of .htaccess for auth, and send some
teardrops or syncdrops after the 3rd try, or just flood them.

Be creative ;)

Greetz Sven
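The fake-.htaccess CGI described above, as an added example that is not part of the original post: a Python CGI-style handler that answers every wrong Basic-auth guess with a 200 dummy page (so a guessing tool cannot tell a miss from a hit), logs the attempt, and redirects the one correct login to the real protected path. REAL_PATH, USERS and the credentials are assumed/constructed values.

```python
# Added example, not code from the original post. REAL_PATH and USERS are
# assumed/constructed; a real deployment would check against .htpasswd hashes.
import base64
import hmac
import logging
import os
import sys

REAL_PATH = "/members-real/"      # assumed: where the genuine .htaccess lives
USERS = {"theo": "correct-horse"}  # constructed sample credential store

log = logging.getLogger("fake-htaccess")


def basic_header(user, password):
    """Build the 'Authorization: Basic ...' value a browser or tool would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode()


def parse_basic_auth(header):
    """Return (user, password) from a Basic auth header value, or None if malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def credentials_valid(user, password):
    """Constant-time compare; unknown users compare against "" so timing stays flat."""
    expected = USERS.get(user, "")
    ok = hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))
    return ok and user in USERS


def handle(environ):
    """CGI-style entry point: returns (status, headers, body) for one request."""
    creds = parse_basic_auth(environ.get("HTTP_AUTHORIZATION", ""))
    if creds is None:
        # No credentials yet: challenge exactly as .htaccess would.
        return ("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="members"')], b"")
    user, password = creds
    if credentials_valid(user, password):
        return ("302 Found", [("Location", REAL_PATH)], b"")
    # Wrong guess: record it for the defender, then answer 200 so the cracker
    # reports a "hit" on every attempt and its output becomes worthless.
    log.warning("failed login user=%r from=%s", user, environ.get("REMOTE_ADDR"))
    return ("200 OK", [("Content-Type", "text/html")], b"<html><body>Welcome back!</body></html>")


if __name__ == "__main__":  # run as a real CGI: read env, write CGI headers
    status, headers, body = handle(os.environ)
    sys.stdout.write(f"Status: {status}\r\n" + "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n")
    sys.stdout.buffer.write(body)
```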

Theodore Jones wrote:

> Hello,
>
> How can I >shunt< brute-force password crackers who keep hammering away
> at the same .htaccess password mechanism...?  I tried adding their IP
> number to hosts.deny... but that didn't seem to work..?
>
> ~ Theo
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security