On Jan 16, 2012 12:58 AM, "Walter Dnes" <waltdnes@××××××××.org> wrote:
>
> On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
>
> > This is nothing like changing the port for SSH - a port scanner can
> > figure that one out in seconds...
>
> A real BOFH would set up a dummy instance of sshd on the regular port,
> as well as a real sshd instance on another port. The dummy instance
> could be set up to always fail the login attempt, and with special
> iptable rules to not clutter up your logfile.
>

And don't forget to put the false sshd through a tc rule that chokes the
return traffic to 1 cps B-)

Of course, being the "real sysadmin" a.k.a lazy slob that I am, that's way
too much work for not enough bastardly pleasure... I can't gleefully see
the face of people trapped in the tc hell :-P

Rgds,