Kaito / Katie Sinclaire @KS

@kaniini the setup for your IRC bot seems a bit weird? What exactly is the "target" host and port?

@KS

the target host/port is an unencrypted (not ssl) destination for the bot to connect to in order to verify the sshd is acting as an open proxy.

@kaniini oh, uh... your script references 'target' 'ip', but your example config uses 'target' 'host'.

@kaniini likewise your script is looking for 'host' 'hostname', but the example config uses 'host' 'host'

(was wondering why it kept going to the wrong address...)

@KS i fixed that too, thanks for reporting as well.

@kaniini one final little thing: kline_cmd in the example config shouldn't have single quotes around it, I don't think; the single quotes wind up in the output and our IRC server didn't like them

after fixing that I got to sit back and watch the bot do its first ban. thanks <3

@KS sorry I don't really know how configparser works
@KS

also there have been a handful of ipv6 bots that weren't detected.

I believe these are because of a dual-stack environment where SSH only listens on ipv4 but connections are available on ipv6.

as the antissh bot works by attempting to make use of the same vulnerability as the attack bots, it can only have a positive hit when the IP connecting to the network has ssh available on it