honey put with some damage

TiziteLayinLow

Senior member
Aug 18, 2003
i have a cisco router and win server behind it hosting sites.

someone has been trying to DOS me and get into my SSH. I'm wanting to set up an SSH honey put, once they connect send them a worm virus just to teach a lesson

obviously when they connect they have a port listening back for what they think is ssh, only it'll be something else.

i was going to nat forward the ssh to the server instead of the router and run a fake ssh on the server with very limited access to a subfolder with no permissions except read on ntfs and share permissions.

in there i would have a few data files that are nothing maybe some pdfs..lol to keep him connected and then have a worm waiting on that port too..

any ideas?


thanks
 

skyking

Lifer
Nov 21, 2001
Not worth it IMO. Move ssh to another port and he/she/it will get tired of DOSing 80.
I go up in the thousands for ssh, it just saves headaches.
 

lansalot

Senior member
Jan 25, 2005
in there i would have a few data files that are nothing maybe some pdfs..lol to keep him connected and then have a worm waiting on that port too..

A 'worm waiting on that port'? Won't work...
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Honey POT.

Take into consideration that they did or more likely did not commit a crime.

You on the other end are committing a crime by sending a Worm.

:sun:
 

n0cmonkey

Elite Member
Jun 10, 2001
There are simple solutions to this, and if you use proper precautions you don't have to worry about them breaking in any time soon. :)
 

TiziteLayinLow

Senior member
Aug 18, 2003
so you think move up to the thousands in port and their port scan might not care to go that high? then also set up a honey pot on 22 with nothing in it, or should I just move ssh behind the vpn?

thanks for the posts guys
 

lansalot

Senior member
Jan 25, 2005
Port scans don't tend to do all ports, most folk try the usual ones - nothing happening, move on. The next system might not be so lucky.

The trick is to make sure your system isn't the next one...
 

skyking

Lifer
Nov 21, 2001
Originally posted by: TiziteLayinLow
so you think move up to the thousands in port and their port scan might not care to go that high? then also set up a honey pot on 22 with nothing in it, or should I just move ssh behind the vpn?

thanks for the posts guys

like lansalot said, port scan traffic usually does not get too high. they hit the usual ports, and if you have one of those forwarded through, they will stop and camp out for a while.
If you get it up in the 4 digit range, I doubt you will ever see a failed login attempt again. I have not.
 

spidey07

No Lifer
Aug 4, 2000
scans of a host and subsequent scans of a vulnerable port are just a fact of life on the internet.

no worries mate.