I run endlessh on the port 2222 and I configured fail2ban to redirect the source... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ycombinatorrio on March 28, 2024 \| parent \| context \| favorite \| on: Endlessh-go: a Golang SSH tarpit that traps bots/s... I run endlessh on the port 2222 and I configured fail2ban to redirect the source ip addresses who did X failed attempts from the dest port 22 to the dest port 2222 transparently. I use the table NAT and prerouting to achieve that, you can use ipset to match the source ip addresses.

pdimitar on March 28, 2024 | [–]

Oh nice, do you have a blog post detailing it step by step?

withinboredom on March 28, 2024 | [–]

I do something similar except send them bytes from /dev/random, providing free protocol fuzzing.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact