Security Incidents mailing list archives

Re: SSH attacks?

From: Frank Knobbe <frank () knobbe us>
Date: Thu, 29 Jul 2004 20:26:23 -0500

On Thu, 2004-07-29 at 05:12, Christine Kronberg wrote:

  Because I'm not alone in my host. It serves a couple of friends as well.
  Worry is only a part of the story - I'm awfully curious. I want to know
  what these people are doing but I don't want my node to be compromised.
  As a matter of fact I find it very instructive to see what people are
  trying to accomplish. Sometimes I can use this knowledge to help other
  people. I don't want to miss that.


You can always run a honeypot or a fake SSH daemon (preferable in a
jail) on port 22, but run "the real" daemon on a non-standard port. That
allows you to "keep an eye on all things SSH" while at the same time not
subjecting your host to the easy scanners and script kiddies.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

SSH attacks? Robin (Jul 27)
- Re: SSH attacks? Tobias Rice (Jul 27)
  - Re: SSH attacks? Chris Brenton (Jul 28)
- Re: SSH attacks? Josh Tolley (Jul 27)
- Re: SSH attacks? Chris Brown (Jul 27)
- Re: SSH attacks? Adam Young (Jul 27)
  - Re: SSH attacks? Christine Kronberg (Jul 29)
    - Re: SSH attacks? Pieter-Bas IJdens (Jul 29)
    - Re: SSH attacks? Christine Kronberg (Jul 29)
    - Re: SSH attacks? Pieter-Bas IJdens (Jul 30)
    - Re: SSH attacks? Frank Knobbe (Jul 30)
    - Re: SSH attacks? Jay D. Dyson (Jul 30)
    - Re: SSH attacks? Frank Knobbe (Jul 31)
    - Re: SSH attacks? mgotts (Jul 31)
    - Re: SSH attacks? Steve Schuster (Jul 29)
    - Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Tom Laermans (Jul 27)
- Re: SSH attacks? buzz (Jul 27)
  - Re: SSH attacks? Jyri Hovila (Jul 29)
    - Re: SSH attacks? Chris Brenton (Jul 29)
    - Re: SSH attacks? Valdis . Kletnieks (Jul 30)

(Thread continues...)