[Gllug] honeypots and iptables redirects?
Benedikt Heinen
gllug at ml.icemark.net
Sat Sep 3 16:20:13 UTC 2005
Seeing how many people just try ssh brute force break-in attempts is
starting to make me feel sick... :-(
I already use fail2ban, to stop attempts. But I wonder, in order to bring
the general number of attacks down - whether it would be more worth while
trying to set up a honeypot and have fail2ban not block an ip-address, but
redirect to the honeypot instead...? Anyone tried something like that?
Alternatively - tried using the tar-pit approach? (i.e. after that and
that many unsuccessful attempts have fail2ban, or a similar tool, just
limit the throughput to that port to a couple of packets a minute)...
I'd be interested to know whether anyone here tried something like this,
and what experiences you've made with that approach...?
Benedikt
--
Gaudeo te illud de me rogavisse.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list