On Wed, 05 Jul 2006 17:01:35 BST, Tom Doherty said:
> Sorry, I must of not made myself clear. My query wasn't about preventing
> ssh bruteforcing (such threads have been done to death). I wanted to
> display passwords tried, being a honeypot I'm encourage people to try
> and gain access.
I got that part - I was replying to Nikola's suggestion to build a "lock them
out" system around it. Leaving something open until your honeypots and other
sensors trigger is just *asking* for trouble - the most obvious failure mode is
if they poke the Crown Jewels machine and get lucky on the first try. Unless
*very* well designed and maintained, it's also usually possible to use feedback
systems like that to make the victim DoS themselves by blocking access to
something they really wanted to talk to...
Honeypots are good for gathering intel. But you shouldn't rely on them as
an IPS.
- application/pgp-signature attachment: stored
Received on Jul 05 2006
Intro
