Admin wrote:
A more amusing alternative is to move SSH to another port, and put the LaBrea tarpit on port 22 and any other commonly attacked ports (firewall module).
I quite like this:

    summer@www:~$ cat /etc/xinetd.d/telnet
    # default: off
    # description: An internal xinetd service which gets the current system time
    # then prints it out in a format like this: "Wed Nov 13 22:30:27 EST 2002".
    # This is the tcp version.
    service telnet
    {
            disable         = no
            socket_type     = stream
            protocol        = tcp
            user            = games
            wait            = no
            flags           = NAMEINARGS
            server          = /usr/sbin/tcpd
            server_args     = /bin/false
    }
    summer@www:~$

with this:

    summer@www:~$ tail -4 /etc/hosts.deny
    false: ALL: spawn ((echo attack from %h;id -a) | \
            /usr/bin/mail -s %d-%h root) &
    summer@www:~$

Good places to attach it, where the services are not otherwise engaged:

    telnet
    ftp
    ssh

There are probably better things to do than send email, but I just set this up as a POC; you can't actually trigger it because the firewall keeps you out.
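
One alternative to the mail action in the post above, as an added example that is not part of the original post: a handler the `spawn` option could call, which logs each decoy-port hit and suppresses repeats from the same host so a scan cannot flood the log. The script name `decoy_hit`, its paths and the `WINDOW` setting are assumptions.

```shell
#!/bin/sh
# Hypothetical handler for a tcpd "spawn" action: records one line per
# decoy-port hit and suppresses repeats from the same host for a while.
# Assumed hosts.deny entry (script path is an assumption):
#   false: ALL: spawn (/usr/local/sbin/decoy_hit %d %h) &

STATE_DIR="${STATE_DIR:-/var/lib/decoy_hit}"   # one stamp file per host
LOG_FILE="${LOG_FILE:-/var/log/decoy_hit.log}"
WINDOW="${WINDOW:-300}"                        # seconds between reports per host

# Keep only characters that can appear in a service name, hostname or IP
# address, so the value is safe to use in a file name and a log line.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9.:_-' '_'
}

# record_hit DAEMON HOST [NOW]
# Returns 0 and appends a log line if the hit was recorded,
# 1 if it was suppressed as a repeat inside WINDOW, 2 on setup failure.
record_hit() {
    daemon=$(sanitize "$1")
    host=$(sanitize "$2")
    now="${3:-$(date +%s)}"
    stamp="$STATE_DIR/$host"

    mkdir -p "$STATE_DIR" || return 2
    if [ -f "$stamp" ]; then
        last=$(cat "$stamp")
        # Treat an empty or corrupted stamp as "never seen".
        case "$last" in ''|*[!0-9]*) last=0 ;; esac
        [ $((now - last)) -lt "$WINDOW" ] && return 1
    fi
    printf '%s\n' "$now" > "$stamp"
    printf '%s decoy hit daemon=%s host=%s\n' "$now" "$daemon" "$host" >> "$LOG_FILE"
    return 0
}

# When called with arguments (as tcpd would call it), record the hit.
if [ "$#" -ge 2 ]; then
    record_hit "$1" "$2"
fi
```

The state directory should be writable only by the user the service runs as (`games` in the xinetd entry above), since the stamp files decide which hits get logged.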