On Wed, Jan 23, 2008 at 02:44:28PM -0800, Ralph Shumaker wrote:
> I guess now that I have a high speed, always on connection (dsl), I may have to start learning more about intrusion countermeasures. I've been meaning to figure out how to do your trick about making certain places like /usr (or whatever they were) read only, among other things.

Make sure you keep up on any updates, especially on things you have open ports on (such as sshd).

I've thought about making an ssh honeypot that would record the passwords used in these attempts. Usually it is just single attempts on many accounts, so it probably isn't a very complex password, perhaps even just the user name. If I really wanted to toy with them, I could give them a fake shell prompt, and see what they do with it.

Dave

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
