You don't even need a honeypot, simply ban ip addresses for some time after X fa... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cycomanic on May 15, 2020 | parent | context | favorite | on: Port knocking

You don't even need a honeypot, simply ban ip addresses for some time after X failed login attempts.

lloeki on May 15, 2020 [–]

The point of the honeypot is that there's no heuristic causing any delay or elusive attacker being missed (e.g botnet trying once per IP). You don't even need any processing time, nor even complete syn/synack/ack: any TCP connection attempt to that port triggers an instaban.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact