Security Incidents mailing list archives
Re: SSH attacks?
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 29 Jul 2004 20:26:23 -0500
On Thu, 2004-07-29 at 05:12, Christine Kronberg wrote:
Because I'm not alone in my host. It serves a couple of friends as well. Worry is only a part of the story - I'm awfully curious. I want to know what these people are doing but I don't want my node to be compromised. As a matter of fact I find it very instructive to see what people are trying to accomplish. Sometimes I can use this knowledge to help other people. I don't want to miss that.
You can always run a honeypot or a fake SSH daemon (preferable in a jail) on port 22, but run "the real" daemon on a non-standard port. That allows you to "keep an eye on all things SSH" while at the same time not subjecting your host to the easy scanners and script kiddies. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- SSH attacks? Robin (Jul 27)
- Re: SSH attacks? Tobias Rice (Jul 27)
- Re: SSH attacks? Chris Brenton (Jul 28)
- Re: SSH attacks? Josh Tolley (Jul 27)
- Re: SSH attacks? Chris Brown (Jul 27)
- Re: SSH attacks? Adam Young (Jul 27)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 29)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 30)
- Re: SSH attacks? Jay D. Dyson (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 31)
- Re: SSH attacks? mgotts (Jul 31)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Tobias Rice (Jul 27)
- Re: SSH attacks? Steve Schuster (Jul 29)
- Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)