Hacker News new | ask | show | jobs
by jimsi 1724 days ago
My OpenSSH is located on a non standard port, 22/tcp is going to the endlessh honeypot.
2 comments
throw0101a 1723 days ago
> endlessh honeypot.

*tarpit

A honeypot lets people "in" to see/research malware that's in the wild:

* https://en.wikipedia.org/wiki/Honeypot_(computing)

A tarpit just takes up the attacker's resources:

* https://en.wikipedia.org/wiki/Tarpit_(networking)

link
judge2020 1723 days ago
Not what most people run, but SSH honeypots are also useful:

https://lwn.net/Articles/848291/

link
zinekeller 1724 days ago
Not to disappoint you, but except for logging SSH honeypots are becoming useless (most bots automatically disconnect when they detect a long login banner).
link
sudobash1 1723 days ago
So should I add a long banner to my server to disguise it as a honey pot, just in case?
link
zinekeller 1723 days ago
I mean, I'm not sure that you can do that with OpenSSH though (short of recompiling it, which I do not recommend unless you're a company).
link