Over at LinkedIn, somebody posted the results of putting a Linux server with sshd exposed to the internet for 30 days recently.

In that particular area, not much seems to have changed since the early years of this century when the events chronicled here https://nxdomain.no/~peter/hailmary_lessons_learned.html (or if you prefer Big G's trackers, https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html) occurred.

#ssh #passwordguessing #rootlogin #weakspaswords #passwordgroping #cybercrime

@pitrh
Trying to do my part, I'm running an endlessh tarpit on port 22, and ssh on an HTTP alternative port.
Mostly get

banner exchange: Connection from 192.0.2.123 port 44110: invalid format

errors in the logs :D

@pitrh
See https://github.com/skeeto/endlessh
FreeBSD pkg install endlessh

From the endlessh log
TOTALS connects=15438 seconds=1421138.191 bytes=2207217

@brnrd ah, yes, endlessh :)

I have that running on the port I redirect the gropers to, they're fun to watch

@pitrh I once spun up a FreeBSD VPS, and then life happened. I got back to it 9 months later, only to realize I had never enabled the firewall! I started hunting through logs, checking usage stats, etc. Nothing.

I did wipe it, but I think it says something about an OS that can live, naked to the world, for 9 months with no ill effects.