brute force ssh attack
Joel
rees at ddcom.co.jp
Thu Apr 28 06:50:06 UTC 2005
On Wed, 27 Apr 2005 17:13:45 -0400
Matthew Miller <mattdm at mattdm.org> wrote
> On Wed, Apr 27, 2005 at 10:56:38AM -0500, Aleksandar Milivojevic wrote:
> > >there are numerous brute force ssh attacks in the web.
> > >I was quite curious, and for fun, I created the typical
> > >user accounts and set easy to guess passwords....
> > Generally, very bad idea. Unless you know exactly what you are doing,
> > which you obviously don't.
>
> What's the harm? I mean, assuming you're planning on doing a limited,
> controlled experiment?
I'd want users who try this to be a bit more prepared. If, for instance,
you set up a honeypot without firewalling it off from the rest of your
local net, you're practically inviting a new sysadmin, so to speak.

If you're going to set up a honeypot, I'd suggest setting up a full
honeynet, firewalled away from anything important, traffic monitored
from outside the honeynet. (Otherwise, you tend to miss the most
interesting stuff, anyway.)

There's just a lot of traps you can fall into (this thread shows several
examples).

If you have the spare hardware and time, though, go for it.

One thing -- I'd want to make sure the BIOS on every box inside the
honeynet is write-protected physically, and I'd plan on sacrificing the
hard drives.
--
Joel Rees <rees at ddcom.co.jp>
digitcom, inc. 株式会社デジコム
Kobe, Japan +81-78-672-8800
** <http://www.ddcom.co.jp> **