[ale] failed ssh login attempts

Fletch fletch at phydeaux.org
Fri Feb 11 21:48:00 EST 2005


>>>>> "Geoffrey" == Geoffrey  <esoteric at 3times25.net> writes:

    Geoffrey> Jim Lynch wrote:
    >> What someone really needs to do is write a ssh spoofing daemon
    >> to accept any user and any password and let them think they've
    >> logged in.  If there were enough out there, maybe it would keep
    >> the chaps busy sorting the spoofs from reality.

    Geoffrey> It's already been done, called a tar pit...

ITYM "honey pot" for a machine that's intentionally put out to look
like an interesting target to catch the eye of whatever black hats or
script kitties are poking your network.  They go for the sweet low
hanging fruit while you're tracing them back.


I think I've only heard "tar pit" in the sense of the slow SMTP
servers (from the original German implementation 'teergrube') meant to
cause much pain for spammers by holding open an SMTP session for a
long time (say tens of seconds between each SMTP response).  It slows
down legitimate mail slightly, but the more there are the more it cuts
into J Random Spammer's deliveries / unit time.  OpenBSD comes with a
daemon spamd which can be used to accept SMTP from untrusted sources
that waits 1 second (configurable of course) between each character it
sends back.  Unknown sending machines can also be set to get a
temporarily undeliverable error on their first connect; legitimate
MTAs will attempt to deliver again (and then get the teergrube
behavior), while most spammers are likely to just move on.

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org|  Vincent, you should cease askin'          \ o.O'
                      |  scary questions." -- Jules                =(___)=
                      |                                               U
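
A simplified model of the two behaviours described in the message above (temporary error on an unknown sender's first connect, then a reply sent one character per delay on a later retry). This is an added example, not part of the original post and not spamd's code; the `GreyTarpit` class, the 60-second `min_retry` window, the hostname and the sender address are assumptions made for illustration.

```python
import time

BANNER = "220 mail.example.test ESMTP\r\n"   # constructed hostname
DEFER = "451 Temporary failure, please try again later\r\n"

class GreyTarpit:
    """Simplified model of the behaviour described above; not spamd's code."""

    def __init__(self, char_delay=1.0, min_retry=60.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.char_delay = char_delay  # seconds between characters sent back
        self.min_retry = min_retry    # assumed wait before a retry is accepted
        self.clock, self.sleep = clock, sleep
        self.first_seen = {}          # sender IP -> time of its first connect

    def decide(self, ip):
        """'defer' on the first (or a too-early) connect, else 'tarpit'."""
        now = self.clock()
        seen = self.first_seen.setdefault(ip, now)
        return "defer" if now - seen < self.min_retry else "tarpit"

    def reply(self, ip, write):
        """Answer one connection; return (action, seconds spent stalling)."""
        action = self.decide(ip)
        if action == "defer":
            write(DEFER)              # temporary error, sent at full speed
            return action, 0.0
        spent = 0.0
        for ch in BANNER:             # teergrube: one character per delay
            write(ch)
            self.sleep(self.char_delay)
            spent += self.char_delay
        return action, spent

def demo():
    """Replay three connects from one constructed sender on a fake clock."""
    now = [0.0]
    tp = GreyTarpit(clock=lambda: now[0], sleep=lambda s: None)
    results = []
    for t in (0.0, 10.0, 120.0):      # first connect, hasty retry, patient retry
        now[0] = t
        results.append(tp.reply("192.0.2.10", lambda data: None))
    return results

if __name__ == "__main__":
    print(demo())
```

The clock and sleep functions are injected so the demo finishes instantly; with the defaults, the 29-character banner alone holds the sender for 29 seconds.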


