home.social

#endlessh — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #endlessh, aggregated by home.social.

  1. Yesterday I discovered endlessh (github.com/skeeto/endlessh), which is a tarpit for those SSH login guessing bots. I made a little Python script that filters its logs and gives me some stats.

    It's a lot of fun to see them get trapped, and I'm also having fun looking up from which countries they are coming.

    #ssh #linux #endlessh

  2. A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_le piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime

  3. A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_le piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime

  4. A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_le piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime

  5. A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_le piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime

  6. A mention elsewhere of the insufferable ssh password guessers has me reprise my "The Hail Mary Cloud and the Lessons Learned" nxdomain.no/~peter/hailmary_le piece, with a note added at the end about endlessh as a possible refinement (yes, I use it) #ssh #passwords #passwordguessing #passwordgroping #endlessh #openbsd #freebsd #pf #packetfilter #security #cybercrime

  7. Защита от брутфорса и эксплоитов OpenSSH

    В последних версиях OpenSSH появилась защита от брутфорса (перебора) паролей, а также от попыток эксплоита. Это очень ценные настройки, которыми разработчики рекомендуют воспользоваться всем. Нужно отметить, что новая функция OpenSSH фундаментально отличается от fail2ban , sshguard и подобных инструментов, поскольку она не парсит логи и не изменяет правила файрвола, а применяет опции только внутри одной программы, не обращаясь никуда через ядро, что делает её гораздо безопаснее вышеупомянутых утилит.

    habr.com/ru/companies/globalsi

    #SSH #OpenSSH #sshd #PerSourcePenalties #PerSourcePenaltyExemptList #sshkeyscan #брутфорс #подбор_паролей #fail2ban #sshguard #Endlessh

  8. Instead it DROPing brute-force #ssh via #fail2ban, redirect them to #endlessh... 😄

  9. I'm now running my first public service online: a tarpit that bans you.

    #endlessh #selfhosting #SSH

  10. Updated #NixOS to 22.11 on my VPS today. It was deliciously boring; only changes I had to do was remove a custom service for #endlessh (now included in nixpkgs), and explicitly set the adapter for my #Caddy config file.

  11. Hey les sysadmin vous connaissez #endlessh ?
    « Endlessh est un logiciel très simpliste qui expose un faux serveur SSH avec une bannière d'une longueur infinie qui n'offre aucun prompt d'authentification au client du service. »
    geeek.org/bruteforce-ssh-endle

    J'adore le principe, j'ai bien envie de l'installer sur mes serveurs 😜

  12. Trap hackers in your server using Endlessh as a SSH Honeypot and wastes their time

    Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

    See
    i.ytimg.com/vi/SKhKNUo6rJU/hqd

    SSH Honeypot in 4 Minutes - Trap Hackers in Your Server
    by Wolfgang's Channel on YouTube

    #technology #hacking #security #SSH #Endlessh
    matomo.gadgeteer.co.za/piwik.p

    youtu.be/SKhKNUo6rJU squeet.me/objects/962c3e1097d7

  13. I really enjoy watching #syslog for #endlessh entries. Record for last 24 hours was 42852 seconds or close to 12 hours.

  14. is a .

    Endlessh (Endless SSH) is a barebones SSH server that traps any clients that attempt to connect. When a connection is made Endlessh sends an endless stream of junk data at a slow rate that forces the client to wait. Endlessh can trap hundreds of clients for days or weeks with minimal performance impact. Endlessh is useful for trapping bots on false SSH ports.

    Website 🔗️: github.com/skeeto/endlessh