[Gllug] honeypots and iptables redirects?
Benedikt Heinen
gllug at ml.icemark.net
Sat Sep 3 17:00:55 UTC 2005
> I changed the SSH port to something obscure and the attacks stopped.
That surely is a way - but I'd rather look for something to keep potential
attackers busy so that they eventually get caught out - i.e. either slow
them with a tarpit (connection speed limitation) or better, just silently
forward them to a honey-pot).
For one thing, it (hopefully) gives time to properly report them (while
the attack is still running), if there are on a network where reporting
makes sense (i.e. if they're attacking from a system within Europe/US).
Alternatively, as long as they're digging around a honey-pot, they're at
least not trying to hack other systems - which in turn can only cause
further problems in itself...
Benedikt
--
Gaudeo te illud de me rogavisse.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list