honeypot
That’s a lot more work.
Comment on How to harden against SSH brute-forcing?
semperverus@lemmy.world 2 months agoDon’t reject connections to port 22, honeypot it and ban on connection attempt.
sugar_in_your_tea@sh.itjust.works 2 months ago
ILaughBecauseFunny@feddit.dk 2 months ago
By all means, I am no expert, but isn’t it “just” the fail2ban?
sugar_in_your_tea@sh.itjust.works 2 months ago
Fail2ban blocks IPs that fail to connect repeatedly. A honeypot pretends fails worked and gives them a worthless environment to try to exploit. The purpose of fail2ban is to block attacks, the purpose of a honeypot is amusement and to waste attackers’ time.
ILaughBecauseFunny@feddit.dk 2 months ago
I understood the comment as “leave the port open to ssh, to easily allow fail2ban to hit the ip’s before they get through your full port range.” But thanks for the elaborate answer :)
I agree, what you described is much more work ;)
downhomechunk@midwest.social 2 months ago
I’d get myself banned this way. I forget the -p flag at least once per week.