honeypot
That’s a lot more work.
Comment on How to harden against SSH brute-forcing?
semperverus@lemmy.world 1 week agoDon’t reject connections to port 22, honeypot it and ban on connection attempt.
sugar_in_your_tea@sh.itjust.works 1 week ago
ILaughBecauseFunny@feddit.dk 1 week ago
By all means, I am no expert, but isn’t it “just” the fail2ban?
sugar_in_your_tea@sh.itjust.works 1 week ago
Fail2ban blocks IPs that fail to connect repeatedly. A honeypot pretends fails worked and gives them a worthless environment to try to exploit. The purpose of fail2ban is to block attacks, the purpose of a honeypot is amusement and to waste attackers’ time.
ILaughBecauseFunny@feddit.dk 1 week ago
I understood the comment as “leave the port open to ssh, to easily allow fail2ban to hit the ip’s before they get through your full port range.” But thanks for the elaborate answer :)
I agree, what you described is much more work ;)
downhomechunk@midwest.social 1 week ago
I’d get myself banned this way. I forget the -p flag at least once per week.