Re: brute force ssh attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 27 Apr 2005 17:13:45 -0400
Matthew Miller <mattdm@xxxxxxxxxx> wrote

> On Wed, Apr 27, 2005 at 10:56:38AM -0500, Aleksandar Milivojevic wrote:
> > >there are numerous brute force ssh attacks in the web.  
> > >I was quite curious, and for fun, I created the typical 
> > >user accounts and set easy to guess passwords.... 
> > Generally, very bad idea.  Unless you know exactly what you are doing, 
> > which you obviously don't.
> 
> What's the harm? I mean, assuming you're planning on doing a limited,
> controlled experiment?

I'd want users who try this to be a bit more prepared. If, for instance,
you set up a honeypot without firewalling it off from the rest of your
local net, you're practically inviting a new sysadmin, so to speak. 

If you're going to set up a honeypot, I'd suggest setting up a full
honeynet, firewalled away from anything important, traffic monitored
from outside the honeynet. (Otherwise, you tend to miss the most
interesting stuff, anyway.)

There's just a lot of traps you can fall into (this thread shows several
examples).

If you have the spare hardware and time, though, go for it. 

One thing -- I'd want to make sure the BIOS on every box inside the
honeynet is write-protected physically, and I'd plan on sacrificing the
hard drives.

--
Joel Rees   <rees@xxxxxxxxxxx>
digitcom, inc.   株式会社デジコム
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp> **


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux