search for: target_host

...testing with a local VM, and the results are... interesting. I installed openssh-SNAP-20240626.tar.gz on a fresh and fully-updated Ubuntu Linux 24.04 LTS VM with 1 vCPU. While leaving the default sshd options unchanged, I was able to reduce idle time to 0.0% using "./ssh- audit.py --dheat=16 target_host". Next, I increased the vCPUs to 4. The same ssh-audit command yielded 54% idle time (averaged over 60 seconds). That's still a lot of strain on the target, despite the fact that the logs claim that the PerSourcePenalties noauth:1 restriction was being triggered. After that, I tried si...

...couldn't reproduce some of them, and I suspect I made a mistake during testing. Being more careful this time, I set up another fully updated Ubuntu 24.04 VM with 4 vCPUs running openssh-SNAP-20240628.tar.gz with all defaults unchanged. When running using "ssh-audit.py --conn-rate-test=16 target_host", the system idle time averaged over 60 seconds was 50%. The /var/log/auth.log file grew 73MB in this time (nearly 400,000 lines were messages produced by the new PerSourcePenalties logging in sshd.c:627). Next, I modified the logging in sshd.c:627 to always use SYSLOG_LEVEL_DEBUG1 instead o...

On Wed, 2024-06-19 at 09:19 -0400, chris wrote: > real world example (current snapshot of portable on linux v. dheater) Thanks for this. However, much more extensive testing would be needed to show it is a complete solution. In my original research article, I used CPU idle time as the main metric. Also, I showed that very low- latency network links could bypass the existing countermeasures.

...ote host supports is ftp. What I want to do is to capture the initial response that comes back from that host before the user credentials are passed and log this information. I cannot seem to hit upon the right set of redirects to make this happen. In my script I invoke ftp thus: ftp -un "$TARGET_HOST" << EOS >> ${LOGGING_FILE} 2>&1 user $LOGON dir quit EOS When I connect to the host via ftp interactively from a session then I see this: Connected to host.domain.tld. 220 HP ARPA FTP Server [A0012H15] (C) Hewlett-Packard Co. 2000 [PASV SUPPORT] Remote system type is MPE...