[Gllug] honeypots and iptables redirects?

Benedikt Heinen gllug at ml.icemark.net
Sat Sep 3 17:00:55 UTC 2005


> I changed the SSH port to something obscure and the attacks stopped.

That surely is a way - but I'd rather look for something to keep potential 
attackers busy so that they eventually get caught out - i.e. either slow 
them with a tarpit (connection speed limitation) or better, just silently 
forward them to a honey-pot).

For one thing, it (hopefully) gives time to properly report them (while 
the attack is still running), if there are on a network where reporting 
makes sense (i.e. if they're attacking from a system within Europe/US).

Alternatively, as long as they're digging around a honey-pot, they're at 
least not trying to hack other systems - which in turn can only cause 
further problems in itself...




Benedikt

--
                     Gaudeo te illud de me rogavisse.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list