by kenniskrag 1112 days ago
Nice idea. From the docs:

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

https://github.com/skeeto/endlessh
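
The mechanism quoted from the docs, as an added Python sketch that is not Endlessh's own code (Endlessh is a C program built on poll()): RFC 4253 section 4.2 lets a server send arbitrary lines before its version string as long as none begins with "SSH-", so a tarpit can keep sending such lines forever. The delay, line cap, port 2222 and the `collect_lines` loopback helper are assumptions made for this example.

```python
import asyncio
import secrets

DELAY_SECONDS = 10.0   # assumed pause between lines
MAX_LINE_LENGTH = 32   # assumed cap on bytes per line, CRLF included
LISTEN_PORT = 2222     # assumed port; the real sshd lives elsewhere

def banner_line(max_len: int = MAX_LINE_LENGTH) -> bytes:
    """One random pre-version line that can never be read as the SSH version string."""
    max_len = max(max_len, 5)
    length = 3 + secrets.randbelow(max_len - 4)            # 3 .. max_len-2 payload bytes
    line = bytes(32 + secrets.randbelow(95) for _ in range(length))  # printable ASCII
    if line.startswith(b"SSH-"):                           # would end the banner phase
        line = b"X" + line[1:]
    return line + b"\r\n"

async def tarpit(reader, writer, delay: float = DELAY_SECONDS) -> None:
    """Feed one client banner lines until it gives up; no crypto is ever reached."""
    try:
        while True:
            writer.write(banner_line())
            await writer.drain()
            await asyncio.sleep(delay)
    except OSError:                                        # client reset or went away
        pass
    finally:
        writer.close()

async def collect_lines(count: int, delay: float = 0.01) -> list:
    """Constructed loopback check: trap one local client and return what it read."""
    server = await asyncio.start_server(
        lambda r, w: tarpit(r, w, delay), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    lines = [await reader.readline() for _ in range(count)]
    writer.close()
    server.close()
    return lines

async def main() -> None:
    server = await asyncio.start_server(tarpit, "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Each trapped client costs the server one socket and a timer, which is why a single process can hold many of them at once.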

4 comments

I spent 10 minutes to set this up. I was shocked to see that I got my first taker less than a second after I opened port 22 on my firewall.

https://www.abuseipdb.com/check/178.62.237.183

Unfortunately, it only wasted 30 seconds of that IP's time.

It's not clear what type of tarpit would waste the most of the operator's time. Maybe something like a "byzantine VM", that seems exploitable, takes payloads, passes initial checks, and then starts having "problems". DDOS attacks redirect to the C&C server. Coin miners report false mined coins. Hosted files have corruption, and won't complete transfer, etc. Whatever it is, it needs to somehow seem like the operator has an error in their code :)

Reminds me of a tactic I tried with telemarketing scams when on paternity leave. I got so many calls like "Your Social Security Number is about to be revoked" that I developed an entire persona with a name, address, SSN, income, debts, and other factors. I spent several baby-naps looking up jobs, apartments, car loan interest rates, and other factors to make the persona as realistic as possible. My wife talked me out of buying a $5 Visa gift card with cash so I could give the scammers a credit card number and keep them talking longer.

Remember the guy who asked ChatGPT to pretend to be a terminal? You could probably do something similar to mess with SSH intruders.

I'd be cautious about stuff like this - if you annoy the wrong person that could paint a target on your back.

Don't discourage someone else from doing it and risk their not coming back to update us on the results. This popcorn is not going to eat itself.

They're impotent little weasels who couldn't hit a target the size of a barn, so the risk is minimal.

"do not guess that it will be your weakest opponent nor guess what they will try, prepare for your strongest adversary and all that they can do" -- mutatis mutandis, Sun Tzu, Art of War

Not to disagree with infallible thousands-of-years-old advice, but surely resources are in far shorter supply than potential attacks, so we have to prioritize and filter.

Realistically though, they'll probably time out by themselves automatically if they haven't seen a password prompt after N seconds. TCP connections can hang overall, so having that would be basics anyway.

If this was default on port 22 of every cheap router sold, and if you enable ssh it has to go on some other port, it'd frustrate a lot of bad guys.

Ah where's your sense of fun ;)

Wow. That is pretty brilliant.

That’s hilarious