Brute.Fail: Watch brute force attacks fail in real...

[mdaniel]

I was actually thinking about that: OT1H, fail2ban would really clean up the list, so it's not monopolized by the one joker, but OTOH given sufficient spans of time it would make the output go quiet, which for this specific case defeats the purpose

I actually much prefer the projects that give the caller a fake shell, and watch what they type after "breaking in." It'd be the Kitboga of ssh attacks :-D

[Sodman]

I would 100% watch the Kitboga of ssh attacks, is that something that exists today? The closest I've seen so far is password purgatory - https://www.troyhunt.com/sending-spammers-to-password-purgat...

[OrangeMusic]

> give the caller a fake shell, and watch what they type after "breaking in."

Oh YES! Do it, please! We could learn a lot!

[nubinetwork]

I believe one of ISC dshield's related projects can do this.

[mdaniel]

Thanks for the reference; after some link chasing I was able to end up on the project I believe you're thinking of: https://github.com/cowrie/cowrie#features (appears to be BSD-3-Clause: https://github.com/cowrie/cowrie/blob/master/LICENSE.rst )