F'ing with SSH Goons

[cmerkel at gmail.com (Chris Merkel)]

I know it may be boring, but the best thing you can do is make the
authentication process take a *long* time - like 15 - 30 seconds on each
attempt before the person knows if they've been successful or not. The
person has an execution thread dedicated to guessing passwords, and the more
time they waste on your connection, the less time they're spending attacking
vulnerable hosts.

It's like when you let a telemarketer drone on and on before hanging up...

- Chris Merkel

On Mon, Dec 8, 2008 at 8:49 PM, adese <adese0 at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hej all
>
>
>
> So for fun yesterday I put ssh back on port 22 from my usual obscure
> port. Within 5hrs I had someone dictionary attacking my box from the UK
> (surprise surprise it wasn't China).
>
> Now I'm all about defense and generally not into inviting trouble,
> however, I was wondering if there is anything fun you can do with those
> types.
>
> I was thinking of creating a common user name with a blank passwd and
> then sending a tty message to them after they went interactive, because
> honestly it would make me smile a lot just to see them logoff in fright
> after seeing me see them.
>
> That is fun and all but does any one know of other fun stuff for
> screwing with these jokers?
>
>
>
>
> all the best
>
> /adese
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (Darwin)
>
> iEYEARECAAYFAkk93J8ACgkQSsV9wg1YVSIVOwCfYbEt0n7+LQUqQFpTbtIysFp0
> REIAoL288FBwSm/UsHpvVDOq+aRGaFbm
> =iriR
> -----END PGP SIGNATURE-----
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081209/0ce3a2a5/attachment.htm