On Fri, Oct 3, 2008 at 3:22 AM, Jeff Kinz
<jkinz@kinz.org> wrote:
Eric - one way to stop the attacks is to let them in....
Time for a honeypot! IIRC a very simple C program can keep these
guys occupied for hours..
Suggestion - move your ssh access port, and run THP
Tiny Honeypot
Quote:
Wouldn't it be nice if every single unsolicited connection
attempt tied up the attacker who launched it by appearing to
actually work, all the while providing a little insight into
their motives and intents? thp appears to listen on all ports
otherwise not in legitimate use, providing a series of phony
responses to attacker commands. Some are very simple, others are
somewhat more interactive. The goal isn't to fool a skilled,
determined attacker...merely to cloud the playing field with tens
of thousands of fake services, all without causing unreasonable
stress on the thp host.
* Changelog:
http://www.alpinista.org/files/thp/thp-0.4.4/CHANGELOG
* Download:
http://www.l0t3k.net/tools/Honeypot/thp-0.4.6.tar.gz
* Home: http://www.alpinista.org/
* License: GNU General Public License
* MD5SUM: 227ef8a3cedb49a1c634298f71a5832b
* Platform(s): Linux
--