[Gllug] honeypots and iptables redirects?
Ken Smith
kens at kensnet.org
Sat Sep 3 16:54:48 UTC 2005
Benedikt Heinen wrote:
>
> Seeing how many people just try ssh brute force break-in attempts is
> starting to make me feel sick... :-(
> /snip/
> Alternatively - tried using the tar-pit approach? (i.e. after that
> and that many unsuccessful attempts have fail2ban, or a similar tool,
> just limit the throughput to that port to a couple of packets a
> minute)...

I changed the SSH port to something obscure and the attacks stopped. The
net is going nuts this week. My router has been turning away a barrage of
ICMP and TCP port 139 traffic for days now.

As an aside - in the days of DECNet 4 (at Digital) there was a network
security group that scanned machines for vulnerabilities. DECNet did not
have timeouts the way TCP/IP does, so when my machine was scanned I
arranged for the process to hang and so did the remote scanning process.
They stopped bothering with my box after a while. (Apologies if the guy
from Valbonne is on this list.) I heard of another group of Network
Police (not at DEC), if they could trash your machine they would, no
point complaining about it, if you had left it vulnerable it was your
fault - Yikes!

Ken
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug