It’s useful for security researchers to collect and analyze what the newest attack bots are trying to do, in order to learn how to defend against it and study the malware they drop. There are some cool videos on YouTube about decompiling malware dropped by the bots.
A colleague of mine had a (non externally reachable) raspberry pi with default credentials being hijacked for a botnet by a infected windows computer in the home network. I guess you’ll always have people come over with their devices you do not know the security condition of. So I’ve started to consider the home network insecure too, and one of the things I want to set up is an internal ssh honeypot with notifications, so that I get informed about devices trying to hijack others. So for this purpose that tool seems a possibilty, hopefully it is possible to set up some monitoring and notification via uptime kuma.
Yeah I have a Linux server that is constantly being hit by SSH requests and bad password requests… So if I could redirect them to this black hole thing I’d love that. But I really Don’t understand how I could do that without destroying being able to connect to the website? Honestly I should make it so I can only SSH in via my local network since I never do it from the outside network anyway… I maybe just make a SSH key pair…
Promise I don’t really know much about security and the real problem is securities only ever something that people care about when it’s too late. Ugh
Well you must have either set up a port redirect (ipv4) or opened the port for external traffic (ipv6) yourself. It is not reachable by default as home routers put a NAT between the internet and your devices, or in the case of ipv6 they block any requests. So (unless you have a very exotic and unsafe router) just uhhh don’t 😅 To serve websites it is enough to open 443 for https, and possibly 80 for http if you want to serve an automatic redirect to https.
I’m not sure what this is other than what seems to be a black hole for bots… But can you use it defensively?
It’s useful for security researchers to collect and analyze what the newest attack bots are trying to do, in order to learn how to defend against it and study the malware they drop. There are some cool videos on YouTube about decompiling malware dropped by the bots.
You can see all is interested in attacking your servers and what the payload looks like
A colleague of mine had a (non externally reachable) raspberry pi with default credentials being hijacked for a botnet by a infected windows computer in the home network. I guess you’ll always have people come over with their devices you do not know the security condition of. So I’ve started to consider the home network insecure too, and one of the things I want to set up is an internal ssh honeypot with notifications, so that I get informed about devices trying to hijack others. So for this purpose that tool seems a possibilty, hopefully it is possible to set up some monitoring and notification via uptime kuma.
Yeah I have a Linux server that is constantly being hit by SSH requests and bad password requests… So if I could redirect them to this black hole thing I’d love that. But I really Don’t understand how I could do that without destroying being able to connect to the website? Honestly I should make it so I can only SSH in via my local network since I never do it from the outside network anyway… I maybe just make a SSH key pair…
Promise I don’t really know much about security and the real problem is securities only ever something that people care about when it’s too late. Ugh
Well you must have either set up a port redirect (ipv4) or opened the port for external traffic (ipv6) yourself. It is not reachable by default as home routers put a NAT between the internet and your devices, or in the case of ipv6 they block any requests. So (unless you have a very exotic and unsafe router) just uhhh don’t 😅 To serve websites it is enough to open 443 for https, and possibly 80 for http if you want to serve an automatic redirect to https.