Endless SSH Tarpit on Debian

Tarpitting SSH with Endlessh

I had a smug moment when I saw security researcher Rob Ricci and friends’ paper empirically analysing brute-force attacks against SSH “in the wild”.1 It turns out that putting all your SSH servers on “weird” port numbers – which I’ve routinely done for over a decade – remains a pretty effective way to stop all that unwanted traffic2, whether or not you decide to enhance that with some fail2ban magic.

But then I saw a comment about Endlessh. Endlessh3 acts like an SSH server but then basically reverse-Slow-Loris’s the connecting client, very gradually feeding it an infinitely-long SSH banner and hanging it for… well, maybe 15 seconds or so but possibly up to a week.

Installing an Endlessh tarpit on Debian 12

I was just setting up a new Debian 12 server when I learned about this. I’d already moved the SSH server port away from the default 22 (see footnote 4), so I figured I’d launch Endlessh on port 22 to slow down and annoy scanners.

Installation wasn’t as easy as I’d hoped considering there’s a package. Here’s what I needed to do:

  1. Move any existing SSH server to a different port, if you haven’t already, e.g. as shown in the footnotes.
  2. Install the package, e.g.: sudo apt update && sudo apt install -y endlessh
  3. Permit Endlessh to run on port 22: sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
  4. Modify /etc/systemd/system/multi-user.target.wants/endlessh.service in the following ways:
    1. uncomment AmbientCapabilities=CAP_NET_BIND_SERVICE
    2. comment PrivateUsers=true
    3. change InaccessiblePaths=/run /var into InaccessiblePaths=/var
  5. Reload the modified service: sudo systemctl daemon-reload
  6. Configure Endlessh to run on port 22 rather than its default of 2222: echo "Port 22" | sudo tee /etc/endlessh/config
  7. Start Endlessh: sudo service endlessh start

To test whether it’s working, connect to your SSH server on port 22 with your client in verbose mode, e.g. ssh -vp22 example.com, and look for banner lines full of random garbage appearing at 10-second intervals.

Screenshot showing SSH connection being established to an Endlessh server, which is returning line after line of randomly-generated text as a banner.

It doesn’t provide significant security, but you get to enjoy the self-satisfied feeling that you’re trolling dozens of opportunistic script kiddies a day.

Footnotes

1 It’s a good paper in general, if that’s your jam.

2 Obviously you gain very little security by moving to an unusual port number, given that you’re already running your servers in “keys-only” (PasswordAuthentication no) configuration mode already, right? Right!? But it’s nice to avoid all the unnecessary logging that wave after wave of brute-force attempts produce.

3 Which I can only assume is pronounced endle-S-S-H, but regardless of how it’s said out loud I appreciate the wordplay of its name.

4 To move your SSH port, you might run something like echo "Port 12345" | sudo tee /etc/ssh/sshd_config.d/unusual-port.conf and restart the service, of course.


Sarah Silverman’s powerful response to a sexist troll


Sarah Silverman’s response to a sexist tweet is a much-needed ray of hope (Quartzy)

In the brutal, self-centered bash-fest that social media often becomes, a moment of simple kindness and connection stands out.

American comedian Sarah Silverman is unapologetically blunt in her fight against misogyny. But Silverman has also made a point of exploring the depths of her own empathy.

“I just keep asking myself, can you love someone who did bad things?” she said, after her dear friend and fellow comedian, Louis CK, was accused of sexual harassment. “I can mull that over later, certainly, because the only people that matter right now are the victims.”

Last week, Silverman demonstrated similar level-headed compassion when subjected to sexism and harassment herself. After tweeting about an article describing her honest attempts to understand Trump supporters, Silverman received a crude response from a Twitter follower:

Marks & Spensive

Sometimes, the opportunity arises to troll the real world. And these opportunities are too good to miss. Earlier this week, I found myself in Marks & Spencer, buying some food and wine for a “carpet picnic”-and-Angel date-night-in with Ruth.

The grand total at the checkout came to £26.38: I’d precalculated this and was ready: as the number came up on the checkout I handed over a “£5 off when you spend £25” voucher, and a £20 M&S gift card.

“That’ll be… £1.38,” said the assistant, as I packed my shopping into a bag. Behind me, a young couple had joined the queue and had clearly overheard the price. They looked stunned.

Naturally, then, I made sure that they saw the wine, the cakes, the fruit, the bread products, and everything else as I carefully loaded it all into the bag. “£1.38, wasn’t it?” I asked, as if I were double-checking, reaching into my wallet.

Catching the gaze of the shoppers behind me, as if I’d only just noticed them, I spoke to them as the cashier counted out my change. “It’s a great special offer, this one,” I said, “All of this for £1.38. Bargain!”

And then I picked up my bag and left, watching the gobsmacked couple as they tried to work out how I’d managed to get 95% off the value of my shopping. Delightful.

It’s the little things, really.
