SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

Captions
If you have a server or somewhere you log into remotely, you're probably familiar with the following situation: you log into your server, you open the authentication logs, and you discover that some dude has been trying to log into your server with default credentials like a thousand times. And sure, if you have a strong password and a public key authentication setup, these attempts are pretty harmless, but still, it's kind of annoying to know that someone is constantly trying to break into your server and look at your stuff. I don't know. So today I'll show you a very fun way to protect your server from these kinds of attacks, to mess with the hackers and hopefully waste their time.

So the way hackers usually try to get access to your server is essentially brute force. They'll usually have a list of some popular login and password pairs, and they'll be trying them on your server using an automated script. And since by default SSH doesn't have any kind of captcha or mechanism that will kick the attacker out after unsuccessful attempts, it's very easy to automate and doesn't require any kind of manual intervention, so the attacker can just launch their script and go on with their life while the script is doing the dirty work.

However, the SSH specifications include a thing called a banner, which is basically a text that is displayed to everyone who tries to log into the server, and there's no limit on how long it can be and how much time it can take to display. Do you see what I'm getting at? A guy by the name of Chris Wellons took this idea and developed a piece of software that he called endlessh. The way it works is basically you put your real SSH server on a different port, say 69, and then you run endlessh on port 22, and it pretends to be an SSH server, but every time somebody tries to log into it, they're basically forced to read a very, very, very long text message forever. It will never time out, it will never throw an error or anything, and it will basically keep displaying gibberish until stopped manually. And since most of those attacks are automated, it can take a really, really long time until somebody notices that something went wrong.

And yes, there are a lot of normal and boring ways to protect your servers, such as iptables or fail2ban, but with endlessh you're not just protecting your server from the attackers, you also waste their precious time, which could be otherwise spent on attacking other servers. And if the thought of some 12-year-old script kiddie with an Anonymous mask, whose leet haxor script got stuck at one server for a whole month, being pissed off about this whole thing doesn't sell you on the idea, hell, I don't know what will.

So let me show you real quick how to install and set up endlessh on your computer. First thing you want to do is clone the GitHub repository using the command git clone. Then you need to change to the endlessh directory and compile the binary by typing make. Also a quick note: if you're on Debian or Ubuntu, you might get an error while compiling the binary, so in this case what you need to do is to install the package called libc6-dev. Then you need to move the binary into a folder in your path. In my case I'm going to move it to /usr/local/bin, and then let's just verify real quick that it's there. And after that, let's just copy the systemd service file into /etc/systemd/system. Now we need to enable the systemd service by typing sudo systemctl enable endlessh.

And then pretty much the last thing that we need to do is to create the configuration file. Let's first create the folder /etc/endlessh, and then let's create a text file called config. Here we only need to specify one option really, and that is the port, because by default endlessh runs on port 2222 and we want it to run on port 22, obviously. Let's save the file and quit. Now we're ready to start endlessh, so let's type sudo systemctl start endlessh, and just to be sure, let's verify that it's actually running on port 22 by typing netstat -tulpn. And as you can see, it's here, running on port 22, so we're all good.

So now let's open a new terminal window and try to SSH into our server. As you can see, if I specify port 69, the port on which my actual SSH server is running, it's all good and fine, it's logging in, it's, you know, no problem. But if I set port 22, nothing's happening really. So let me just show you what's going on under the hood by specifying the verbose option. And as you can see, endlessh just keeps showing our client those weird random lines in the banner. And this footage is actually sped up, because in reality every line takes like 30 seconds to show. And as I already said, the client doesn't really treat this banner thingy as a part of the handshake, so there will be no timeout, no nothing. The script that the hackers will be using will just be stuck on this stage forever, and wasting the time of someone who would otherwise spend it on doing some nasty stuff is always good.

So yeah, that's gonna be it for this video, and I hope you guys enjoyed it. As usual, I would like to thank my patrons Devin Merrell Mitchell Valentino Ray Period and everyone else who supports this channel. Thank you guys for watching, and I'll see you in the next one. Goodbye.
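
The banner tarpit described in the captions, as an added example that is not from the video and is not endlessh's own code: the server side drips filler lines, and client_wait_for_version models why a client keeps waiting (RFC 4253 section 4.2 lets a server send lines before its "SSH-" version string). The function names, the loopback address, port 2222, the 10-second delay and the 32-byte line cap are assumptions chosen for the example.

```python
import asyncio
import random

def tarpit_line(rng, max_len=32):
    """One CRLF-terminated filler line that is never a valid SSH version string."""
    length = rng.randint(3, max_len - 2)            # leave room for CRLF
    body = bytes(rng.randint(32, 126) for _ in range(length))
    if body.startswith(b"SSH-"):                    # pre-version lines must not start with "SSH-"
        body = b"X" + body[1:]
    return body + b"\r\n"

def client_wait_for_version(lines):
    """Model of the client side: skip lines until one starts with 'SSH-'.

    Returns (version_or_None, lines_skipped). Against a tarpit the version
    never arrives, so a real client blocks in this loop indefinitely.
    """
    skipped = 0
    for line in lines:
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r\n"), skipped
        skipped += 1
    return None, skipped

async def handle(reader, writer, delay=10.0, rng=random):
    """Hold one connection open, sending a filler line every `delay` seconds."""
    try:
        while True:
            await asyncio.sleep(delay)
            writer.write(tarpit_line(rng))
            await writer.drain()
    except ConnectionError:
        pass                                        # peer gave up
    finally:
        writer.close()

async def main(host="127.0.0.1", port=2222):        # assumed test address, not port 22
    server = await asyncio.start_server(handle, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Running it and connecting with ssh -v -p 2222 127.0.0.1 shows the client printing each filler line as banner debug output while it waits for the version string.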
Info
Channel: Wolfgang's Channel
Views: 756,084
Id: SKhKNUo6rJU
Length: 4min 48sec (288 seconds)
Published: Tue Oct 13 2020