• z3bra@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    endlessh was pretty cool and a more modern version is even better ! I’ll give it a shot !

    On a side note, I found a way to trap HTTP connections too while working on my cyb.farm project. The go implementation is ridiculously simple: tarpit.go. It works by providing an endless stream of custom headers to the client, which it is supposed to ingest before getting to the content itself.

  • imPastaSyndrome@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    I’m not sure what this is other than what seems to be a black hole for bots… But can you use it defensively?

    • skilltheamps@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      A colleague of mine had a (non externally reachable) raspberry pi with default credentials being hijacked for a botnet by a infected windows computer in the home network. I guess you’ll always have people come over with their devices you do not know the security condition of. So I’ve started to consider the home network insecure too, and one of the things I want to set up is an internal ssh honeypot with notifications, so that I get informed about devices trying to hijack others. So for this purpose that tool seems a possibilty, hopefully it is possible to set up some monitoring and notification via uptime kuma.