Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

My OpenSSH is located on a non standard port, 22/tcp is going to the endlessh honeypot.


> endlessh honeypot.

*tarpit

A honeypot lets people "in" to see/research malware that's in the wild:

* https://en.wikipedia.org/wiki/Honeypot_(computing)

A tarpit just takes up the attacker's resources:

* https://en.wikipedia.org/wiki/Tarpit_(networking)


Not what most people run, but SSH honeypots are also useful:

https://lwn.net/Articles/848291/


Not to disappoint you, but except for logging SSH honeypots are becoming useless (most bots automatically disconnect when they detect a long login banner).


So should I add a long banner to my server to disguise it as a honey pot, just in case?


I mean, I'm not sure that you can do that with OpenSSH though (short of recompiling it, which I do not recommend unless you're a company).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: