Ubuntu
Saturday, March 20th, 2010
I have installed Ubuntu 8.0.4 and am trying to get the Compiz add-on to work. Am I wasting time trying on a Dell Inspiron 1525
I have noticed a lot of brute-force or dictionary attacks on my FTP server. Most of the time, the attacker is running their own FTP server, so they were probably themselves compromised by the same attack, and their system is now being used by their attacker to attack my server. I’ve been using fail2ban to block them, but I thought it might be cool instead to actually connect to their server and proxy everything, logging any successful logins.
Would there be anything illegal about this? My script doesn’t spoof, it only proxies. Their own FTP banner will be sent to them. They are essentially interacting with their own server. It does log passwords, but they willingly connected to my server and provided the passwords.
I would be concerned about implicating yourself in already-compromised system behavior. If you’re redirecting logins from your host and they are successful then you’re now a user on their FTP server (a big if). (Authorized or otherwise) You now have to hope there’s nothing on there that might incriminate you. (most likely not)
Although you are presenting them with their own banner, does that banner say “you are allowed to use this system for your own purpose”, or anything about it being an open system?
To what end are you redirecting the attacks? Are you simply trying to find out what username/passwords work on the compromised system? Although that sounds interesting it may not be worth the risk (of involving yourself) if you’re only going to uncover bad passwords.