kenniskrag | 2 years ago

Nice idea. From the docs:

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

https://github.com/skeeto/endlessh
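A minimal sketch of the tarpit behaviour the quoted docs describe, added here as an example; it is not endlessh's code and not written by any commenter. It uses Python's asyncio in place of C and poll(), logs how long each client stayed connected, and its port, delay and line length are assumed values.

```python
import asyncio
import random
import time

MAX_LINE = 32   # bytes per line including CRLF (assumed value)
DELAY = 10.0    # seconds between lines (assumed value)

def banner_line(rng=random):
    """Random printable line that a client cannot take for the version string."""
    n = rng.randint(1, MAX_LINE - 2)
    body = bytes(rng.randint(0x20, 0x7E) for _ in range(n))
    if body.startswith(b"SSH-"):   # RFC 4253 4.2: only the version line starts with "SSH-"
        body = b"X" + body[1:]
    return body + b"\r\n"

async def trap(reader, writer, delay=DELAY):
    """Drip banner lines to one client until it gives up; log how long it stayed."""
    peer, start = writer.get_extra_info("peername"), time.monotonic()
    try:
        while True:
            writer.write(banner_line())
            await writer.drain()   # raises once the connection is gone
            await asyncio.sleep(delay)
    except OSError:                # ConnectionError is a subclass of OSError
        pass
    finally:
        writer.close()
        print(f"{peer} held for {time.monotonic() - start:.1f}s")

async def serve(host="0.0.0.0", port=2222, delay=DELAY):
    """Listen on an assumed port; every connection gets its own trap() task."""
    server = await asyncio.start_server(lambda r, w: trap(r, w, delay), host, port)
    async with server:
        await server.serve_forever()

def demo(n=3, delay=0.01):
    """Loopback self-check: return the first n lines a connecting client receives."""
    async def run():
        server = await asyncio.start_server(lambda r, w: trap(r, w, delay), "127.0.0.1", 0)
        port = server.sockets[0].getsockname()[1]
        reader, writer = await asyncio.open_connection("127.0.0.1", port)
        lines = [await reader.readline() for _ in range(n)]
        writer.close()
        server.close()
        return lines
    return asyncio.run(run())

if __name__ == "__main__":
    asyncio.run(serve())
```

The "held for" log line is what shows whether a given client sits in the banner for hours or drops after its own timeout.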

avidiax|2 years ago

I spent 10 minutes to set this up. I was shocked to see that I got my first taker less than a second after I opened port 22 on my firewall.

https://www.abuseipdb.com/check/178.62.237.183

Unfortunately, it only wasted 30 seconds of that IP's time.

It's not clear what type of tarpit would waste the most of the operator's time. Maybe something like a "byzantine VM", that seems exploitable, takes payloads, passes initial checks, and then starts having "problems". DDOS attacks redirect to the C&C server. Coin miners report false mined coins. Hosted files have corruption, and won't complete transfer, etc. Whatever it is, it needs to somehow seem like the operator has an error in their code :)

Breza|2 years ago

Reminds me of a tactic I tried with telemarketing scams when on paternity leave. I got so many calls like "Your Social Security Number is about to be revoked" that I developed an entire persona with a name, address, SSN, income, debts, and other factors. I spent several baby-naps looking up jobs, apartments, car loan interest rates, and other factors to make the persona as realistic as possible. My wife talked me out of buying a $5 Visa gift card with cash so I could give the scammers a credit card number and keep them talking longer.

tornato7|2 years ago

Remember the guy who asked ChatGPT to pretend to be a terminal? You could probably do something similar to mess with SSH intruders.

operator-name|2 years ago

I'd be cautious about stuff like this - if you annoy the wrong person that could paint a target on your back.

dylan604|2 years ago

Don't discourage someone else from doing it and risk their not coming back to update us on the results. This popcorn is not going to eat itself.

Zetice|2 years ago

They're impotent little weasels who couldn't hit a target the size of a barn, so the risk is minimal.

capableweb|2 years ago

Realistically though, they'll probably time out by themselves automatically if they haven't seen a password prompt after N seconds. TCP connections can hang overall, so having that would be basics anyway.

myself248|2 years ago

If this was default on port 22 of every cheap router sold, and if you enable ssh it has to go on some other port, it'd frustrate a lot of bad guys.

internetter|2 years ago

Ah where's your sense of fun ;)

jhartwig|2 years ago

Wow. That is pretty brilliant.