Software engineer Chris Wellons writes about tar-pitting nefarious SSH probes. Anyone with a publicly-facing SSH server knows that it is probed from the moment it is turned on. Usually, the overwhelming majority of incoming connection attempts are malevolent in nature. There are several ways to deal with these attempts, one method is to drag out the response for as long as possible.
This program opens a socket and pretends to be an SSH server. However, it actually just ties up SSH clients with false promises indefinitely — or at least until the client eventually gives up. After cloning the repository, here’s how you can try it out for yourself (default port 2222):
[...] Your SSH client will hang there and wait for at least several days before finally giving up. Like a mammoth in the La Brea Tar Pits, it got itself stuck and can’t get itself out. As I write, my Internet-facing SSH tarpit currently has 27 clients trapped in it. A few of these have been connected for weeks. In one particular spike it had 1,378 clients trapped at once, lasting about 20 hours.
(Score: 3, Interesting) by darkfeline on Tuesday March 26 2019, @04:10AM (2 children)
What's the point of this? I hope everyone realizes that these probes are all bots. No one's time is wasted except your own setting up the honeypot. The client sleeping on the socket read is using the same amount of electricity as your server sleeping on the socket write, and it's probably not even the attacker's electricity, but some poor grandma's couple of cents of electricity, whose laptop is part of a botnet. Do you think the attacker cares if ten of his billions of SSH processes across all of his bots are hanging for a day? He probably doesn't even know it's happening.
This is like trying to get revenge against Trump/ by spending a hour of your time thinking their name really hard.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Tuesday March 26 2019, @05:16AM
WRONG! People (witches) who cast spells on the President need to be Investigated. Lock Her up!
(Score: 0) by Anonymous Coward on Tuesday March 26 2019, @09:49AM
I have no idea looks like a small tutorial on threads, polls and sockets?