- <li><em>date</em>: Fri Feb 11 21:48:00 2005</li>
- <li><em>from</em>: fletch at phydeaux.org (Fletch)</li>
- <li><em>in-reply-to</em>: <<a href="msg00441.html">[email protected]</a>> (Geoffrey's message of "Fri, 11 Feb 2005 15:46:26 -0500")</li>
- <li><em>references</em>: <004001c50fb8$6473d8c0$c901a8c0@ohmu> <<a href="msg00404.html">[email protected]</a>> <<a href="msg00439.html">[email protected]</a>> <<a href="msg00441.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] failed ssh login attempts</li>

Geoffrey> Jim Lynch wrote:
>> What someone really needs to do is write a ssh spoofing daemon
>> to accept any user and any password and let them think they've
>> logged in. If there were enough out there, maybe it would keep
>> the chaps busy sorting the spoofs from reality.
Geoffrey> It's already been done, called a tar pit...

ITYM "honey pot" for a machine that's intentionally put out to look
like an interesting target to catch the eye of whatever black hats or
script kitties are poking your network. They go for the sweet low
hanging fruit while you're tracing them back.

I think I've only heard "tar pit" in the sense of the slow SMTP
servers (from the original German implementation 'teergrube') meant to
cause much pain for spammers by holding open an SMTP session for a
long time (say tens of seconds between each SMTP response). It slows
down legitimate mail slightly, but the more there are the more it cuts
into J Random Spammer's deliveries / unit time. OpenBSD comes with a
daemon spamd which can be used to accept SMTP from untrusted sources
that waits 1 second (configurable of course) between each character it
sends back. Unknown sending machines can also be set to get a
temporarily undeliverable error on their first connect; legitimate
MTAs will attempt to deliver again (and then get the teergrube
behavior), while most spammers are likely to just move on.
--
Fletch | "If you find my answers frightening, __`'/|
fletch at phydeaux.org| Vincent, you should cease askin' \ o.O'
| scary questions." -- Jules =(___)=
| U
</pre>
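The two behaviours described in the message above (a temporary error on first contact, then a stuttered reply stream for senders that retry), modelled as an added example that is not part of the original post and is not code from OpenBSD's spamd. The sample reply lines, the 300-second retry window, the unstuttered temporary error and all names are assumptions of this model; only the 1-second-per-character figure comes from the post.

```python
from dataclasses import dataclass, field

# Constructed sample: the reply lines a server sends in one minimal SMTP
# session. Hostname and wording are made up for illustration.
SESSION_REPLIES = [
    "220 mx.example.org ESMTP",  # greeting
    "250 mx.example.org",        # HELO
    "250 OK",                    # MAIL FROM
    "250 OK",                    # RCPT TO
    "354 Go ahead",              # DATA
    "250 Queued",                # end of message
    "221 Bye",                   # QUIT
]


@dataclass
class Tarpit:
    stutter: float = 1.0       # seconds per reply character (the post's figure)
    min_retry: float = 300.0   # assumed wait before a retry is honoured
    first_seen: dict = field(default_factory=dict)  # sender IP -> first connect time

    def stuttered(self, line):
        """Seconds needed to trickle one reply line plus CRLF to the client."""
        return (len(line) + 2) * self.stutter

    def connect(self, ip, now):
        """Return (outcome, seconds the sender's connection is held open)."""
        seen = self.first_seen.setdefault(ip, now)
        if now - seen < self.min_retry:
            # First contact, or a retry that came too soon: temporary error.
            # This model sends it without delay (assumption).
            return "tempfail", 0.0
        # A sender that waited and retried gets the teergrube treatment.
        held = sum(self.stuttered(r) for r in SESSION_REPLIES)
        return "delivered-slowly", held


def deliveries_per_hour(held_seconds):
    """Upper bound on deliveries one connection slot can make per hour."""
    return 3600.0 / held_seconds


if __name__ == "__main__":
    pit = Tarpit()
    for t in (0, 60, 900):  # first connect, early retry, proper retry
        print(t, pit.connect("192.0.2.10", t))
```

A sender that never retries stops at the first `tempfail`; one that does retry spends about a minute and a half per message on a single connection, which is the "deliveries / unit time" cost the message refers to.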
</body>
</html>