Hi All,
I came across endlessh which is an implementation of an SSH tarpit. I never heard of an SSH tarpit before and so read up about it.
As far as I can tell it is an SSH server that you put on your network (typically on port 22) to gummy up the works of any would-be hacker who attempts to enter your network with an endless banner message. And then you put your 'actual' SSH service on some other port.
But I don't get why a person would implement this. I mean if you are knowledgeable enough to set up an SSH tarpit and you were concerned about hackers then wouldn't you already have the port set to a different port, exclusively use an SSH key, fail2ban and limit the login attempts?
And I would have thought that any serious hacker would apply a timeout on their code so that it wouldn't hang around long enough attempting a futile SSH connection.
I feel like there would only be some masochistic delight to the thought that some fool gets trapped in one of these things. Is there something that I'm missing as to why one would set this up?
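
The endless-banner mechanism described in the post, as an added sketch that is not part of the original post and is not endlessh's own code: RFC 4253 lets a server send arbitrary lines before its `SSH-` identification string, and the tarpit never sends that string. The function names, the loopback port, the 10-second default delay and the `probe` client with its give-up deadline are assumptions made for illustration.

```python
import asyncio
import secrets
import time

MAX_LINE = 255  # RFC 4253 section 4.2: at most 255 bytes per line, CRLF included

def banner_line() -> bytes:
    """One filler line; hex text can never begin with 'SSH-'."""
    return secrets.token_hex(secrets.randbelow(16) + 1).encode() + b"\r\n"

async def tarpit(reader, writer, delay=10.0):
    """Drip banner lines to one client until it disconnects."""
    try:
        while True:
            writer.write(banner_line())
            await writer.drain()
            await asyncio.sleep(delay)
    except ConnectionError:
        pass  # client hung up
    finally:
        writer.close()

async def probe(port, give_up_after):
    """Constructed client that waits for 'SSH-' but enforces its own deadline.
    Returns (lines_received, saw_version_string, seconds_held)."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    start, lines, saw = time.monotonic(), 0, False
    try:
        while not saw:
            left = give_up_after - (time.monotonic() - start)
            line = await asyncio.wait_for(reader.readline(), timeout=left)
            if not line:
                break
            lines += 1
            saw = line.startswith(b"SSH-")
    except asyncio.TimeoutError:
        pass  # deadline reached without ever seeing a version string
    finally:
        writer.close()
    return lines, saw, time.monotonic() - start

async def demo(delay, give_up_after):
    # Port 0 picks a free loopback port for the demo instead of port 22.
    server = await asyncio.start_server(lambda r, w: tarpit(r, w, delay), "127.0.0.1", 0)
    result = await probe(server.sockets[0].getsockname()[1], give_up_after)
    server.close()
    return result

def run_demo(delay=0.05, give_up_after=0.5):
    return asyncio.run(demo(delay, give_up_after))
```

`run_demo()` returns how many filler lines the client read, whether it ever saw an `SSH-` line, and how long it stayed connected, which is bounded by the client's own deadline.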