David Brown wrote: > On Wed, Jan 23, 2008 at 02:44:28PM -0800, Ralph Shumaker wrote: > >> I guess now that I have a high speed, always on connection (dsl), I >> may have to start learning more about intrusion countermeasures. I've >> been meaning to figure out how to do your trick about making certain >> places like /usr (or whatever they were) read only, among other things. > > Make sure you keep up on any updates, especially on things you have open > ports on (such as sshd). > > I've thought about making an ssh honeypot that would record the passwords > used in these attempts. Usually it is just single attempts on many > accounts, so it probably isn't a very complex password, perhaps even just > the user name. > > If I really wanted to toy with them, I could give them a fake shell prompt, > and see what they do with it.
So, a "fake shell prompt" is maybe a little like a honeypot, except that commands get logged but not executed? If so, how would you go about doing that? Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
