I would like to know if anyone has ever implemented a SSH trap. It would be interesting to set up a system where if someone was to port scan my computer they would find my SSH port open(port 22) and then they might try to connect to it via ssh using some simple easily guessable passwords. I want a process sitting on the otherside to allow them to connect then have that process to try and gather data on the attackers machine. Has anyone tried to implement something like this. I thing aggressively defending a machine is better than just merely defending a machine.
4
-
3There are a bunch of them; search for SSH honeypot.– Gordon DavissonCommented Sep 6, 2019 at 3:59
-
What information do you believe you will collect? Outside of knowing the IP address of the attack I can't think of anything, even the IP address is pointless, anyone performing scans like that is using a VPN.– RamhoundCommented Sep 6, 2019 at 4:19
-
@GordonDavisson: Please post a full answer.– grawity_u1686Commented Sep 6, 2019 at 4:39
-
Any kind of data could be useful. Depends on how sloppy or careful the attacker is. After a search there does look like there are a few things out there. Seems like its mixed on how to make the SSH honeypot look like a legitimate machine. Maybe running a VM as a honey pot would be better?– techimperialCommented Sep 6, 2019 at 5:03
Add a comment
|