Honeypots mailing list archives
Re: Displaying SSH password attempts
From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Jul 2006 12:19:10 -0400
On Wed, 05 Jul 2006 17:01:35 BST, Tom Doherty said:
Sorry, I must of not made myself clear. My query wasn't about preventing ssh bruteforcing (such threads have been done to death). I wanted to display passwords tried, being a honeypot I'm encourage people to try and gain access.
I got that part - I was replying to Nikola's suggestion to build a "lock them out" system around it. Leaving something open until your honeypots and other sensors trigger is just *asking* for trouble - the most obvious failure mode is if they poke the Crown Jewels machine and get lucky on the first try. Unless *very* well designed and maintained, it's also usually possible to use feedback systems like that to make the victim DoS themselves by blocking access to something they really wanted to talk to... Honeypots are good for gathering intel. But you shouldn't rely on them as an IPS.
Attachment:
_bin
Description:
Current thread:
- Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Jeff Lake (Jul 05)
- Re: Displaying SSH password attempts Daniel Cid (Jul 05)
- <Possible follow-ups>
- Re: Displaying SSH password attempts Nikola (Jul 05)
- RE: Displaying SSH password attempts Dodge, R. LTC EECS (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts Harry Hoffman (Jul 05)
- Re: Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts ader (Jul 07)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 07)
- Re: Displaying SSH password attempts ader (Jul 11)