Dotan Cohen wrote:
I don't have experience. My understanding is that honeyd is for setting up fake systems with many fake services, which also allows fake break-ins.2009/1/16 Sjoerd Hardeman <sjoerd@lorentz.leidenuniv.nl>:I would try either honeyd or tinyhoneypot for that. You don't need a full blown ssh dameon for this.Thank you Sjoerd. I do, however, need sshd for the legitimate user who logs into this system. I googled a bit of honeyd but do not see if it will interfere with the real sshd. Have you any knowledge about this?
tinyhoneypot seems just to offer fake services which logs all that happens.But, wouldn't it be wise to run a honeypot on port 22, and a real ssh on a completely different port? Of course a good user/password choice isn't easily brute-forced, but not running a real ssh as a honeypot seems far more secure to me.
Sjoerd -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Attachment:
signature.asc
Description: OpenPGP digital signature