Hacker News

Here is an app idea I had: a daemon runs, and it opens 20-30 ports. These ports simulate ssh/telnet/imap servers, at least for limited interactions, but do not actually do anything. They may also run slowly, to consume time on the part of the attacker.

When a user connects to these phony ports, their IP is blocked, or at least blocked from the ports which run legitimate services.

Are there any similar programs, or perhaps some flaw with this idea that I'm not seeing?



Yes; this is the basic idea behind honeyd, which is famous.


Thanks.


About slowing somebody down: http://en.wikipedia.org/wiki/Tarpit_%28networking%29

About automatic blocking: Be careful to not block legit users or services after a flood of spoofed packets to your $device.
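
An added example, not part of the thread and not honeyd code: one way to write the blocking decision for such a decoy-port daemon so that a flood of spoofed packets cannot get legitimate hosts blocked. The event format, port numbers, thresholds and allowlist are assumptions made for illustration; the sample events are constructed and use documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical, tune for your own network).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]
MIN_DECOY_PORTS = 2        # distinct decoy ports touched before blocking
WINDOW_SECONDS = 60        # hits must fall inside this window
BLOCK_TTL_SECONDS = 3600   # blocks expire instead of living forever

def is_allowlisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)

def decide_blocks(events):
    """events: (ts, src_ip, decoy_port, handshake_done) tuples sorted by ts.
    Returns {src_ip: block_expiry_ts}."""
    hits = defaultdict(list)   # src_ip -> [(ts, port)] inside the window
    blocks = {}
    for ts, ip, port, handshake_done in events:
        # A bare SYN proves nothing about the sender, because the source
        # address can be forged. Count only established TCP connections.
        if not handshake_done or is_allowlisted(ip):
            continue
        recent = [(t, p) for t, p in hits[ip] if ts - t <= WINDOW_SECONDS]
        recent.append((ts, port))
        hits[ip] = recent
        if len({p for _, p in recent}) >= MIN_DECOY_PORTS:
            blocks[ip] = ts + BLOCK_TTL_SECONDS
    return blocks

def active_blocks(blocks, now):
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

# Constructed sample events, not real traffic.
SAMPLE_EVENTS = [
    (0,   "198.51.100.7", 2222, True),   # scanner, connection established
    (5,   "198.51.100.7", 2323, True),   # second decoy port: blocked
    (6,   "203.0.113.50", 2222, False),  # SYN only, possibly spoofed
    (7,   "203.0.113.50", 2323, False),
    (8,   "192.0.2.10",   2222, True),   # allowlisted monitoring host
    (9,   "192.0.2.10",   2323, True),
    (10,  "198.51.100.9", 2222, True),   # one stray connection
    (200, "198.51.100.9", 2323, True),   # second hit falls outside the window
]

if __name__ == "__main__":
    print(active_blocks(decide_blocks(SAMPLE_EVENTS), now=300))
```

A userspace listener that records an event only after `accept()` returns already satisfies the handshake condition; a daemon that reacts to raw SYN packets does not.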



