Please note that Endlessh is NOT meant to replace conventional SSH security methods. You should still set up public-key only authentication and 2FA, as well as tools like iptables, fail2ban and CrowdSec It's also not meant to protect you from nmap port scans or advanced attacks. Endlessh is a fun way to mess with automated SSH scanners, but that's it.

@philipweiss2794

3 жыл бұрын

Hi maybe a dumb question but I find your video very interesting. All of it makes sense to me but isn't it possible to use a tool from kali linux I think that can scan for certain ports on a server?

@Prophet761

3 жыл бұрын

@@philipweiss2794 Yes, a malicious hacker may port scan your IP and find the other SSH server if they decided to scan all the ports. One possible way to mitigate this is to set your actual ssh server on an uncommon port, implement fail2ban and ssh key authentication. Like wolfgang mentioned though, it's highly unlikely the hacker will bother scanning the other ports and will just move on to another target searching for ssh servers on port 22.

@Gameplayer55055

3 жыл бұрын

Which commands do hackers use? I know only sudo rm -rf, but it's useless for hacking. So they try to load some exploits, maybe?

@Prophet761

3 жыл бұрын

@@Gameplayer55055 if you are referring to port scanning, a hacker may use a tool called nmap to figure out what services are running on your server/computer. In the video, Wolfgang shows a tool used for ssh bruteforcing called Hydra.

@Gameplayer55055

3 жыл бұрын

@@Prophet761 no, i want to know procedures after getting control of your server What do hacker usually do, when he gets control of your server? Because windows worms basically steal your passwords, and install spyware

You're video is straight to the point and doesn't waste my time to increase your channel view time. Thank you.

@matthewmarkose

3 жыл бұрын

@@0x150 your right.

@SnazzieTV

3 жыл бұрын

@@matthewmarkose you're right*

@paulreeves8251

3 жыл бұрын

@@SnazzieTV woosh!

@oscwavcommentaccount

3 жыл бұрын

@@paulreeves8251 woosh!

@mheyer5353

3 жыл бұрын

@ARTHUR DO TELETRANSPORTE Mono = One Rail = Rail

You should just have the banner be the bee movie script

@friction5001

3 жыл бұрын

Shrek*

@bionicgeekgrrl

3 жыл бұрын

Just have it recite vogon poetry...

@NextLevelCode

3 жыл бұрын

Should have it be Rick roll in ASCII art.

@RightHandedMan25

3 жыл бұрын

or most of the Old Testament

@adamschneider868

3 жыл бұрын

@@NextLevelCode just every single frame of the music video displayed in ASCII. Make it happen internet.

I need to know: how often do we have to open the server up to let the trapped hackers out? Did we need to increase fan speed, to make sure they don't suffocate? If the server is not water cooled, do we need to provide water (and FOOD) for them? And, lastly, what about sanitation?

@unknownsoldier4156

3 жыл бұрын

This has given me my best laugh in 3 months. Thank you!

@imaok4721

3 жыл бұрын

🤣🤣👍🤣🤣

@daveland2653

3 жыл бұрын

man, he said read the FAQ before commenting. Sheesh.

@imaok4721

3 жыл бұрын

On a 64 bit, no more than 64 hackers, otherwise they will cause a buffer overflow and they will have full control of your cpu, fridge, TV, microwave and lights, also you have to be very careful as they might be female hackers and to me that just screams trojan horse. Me personally i wouldn't even try to trap one in my PC as they can become very angry and aggressive,

@colfaxschuyler3675

3 жыл бұрын

@@imaok4721 A lot of guys wouldn't care, as long as it was a female Trojan horse. Deez bois gotta get out more.

Love this! There's a simple docker package as well in the docker hub, so quick to deploy! Thanks for bringing this project to me! Such a simple and powerful tarpit!!!

@BrianThomas

2 жыл бұрын

what's the docker image called? is it just endless ssh?

I've been setting up a game server, and I am TOTALLY DOING THIS. Thank you so much for making this video! It never occurred to me to have a 'false front' ssh login, and making it a time sink is a brilliant approach.

I think in addition to changing your real SSH port, I would also say setting up the SSH server to only accept keys for login would be the next step

@WolfgangsChannel

3 жыл бұрын

That goes without saying 😁

@gayusschwulius8490

3 жыл бұрын

If you have a strong password, there's virtually no difference between password and key authentication.

@GreenLinuxPenguin

3 жыл бұрын

@@gayusschwulius8490 True, though save that strong password for the key passphrase, even more solid

@VoidCraftedGamingHD

3 жыл бұрын

@@gayusschwulius8490 No, because with key authentication the key never leaves your computer, whereas the password does leave your computer so a malicious actor can pretty easily grab your password if they've compromised the system and if it's reused anywhere else or whatever they now know it, whereas with pubkey auth the key never leaves the PC so physically can't be stolen

@KiinaSu

3 жыл бұрын

@@VoidCraftedGamingHD If you have a really strong password it's probably not reused anywhere because you couldn't remember it so you need a password manager. Also if they compromised your SSH server or your own system there is no difference between password and key because in case 1 they don't need it anyway and in case 2 they can get whatever they want.

This is such a fantastic channel. Very well produced. Thanks Wolfgang.

Don't run it on a production server or u might end up with 20k simultaneous ssh connections

@brostenen

3 жыл бұрын

As to why you have it running on a seperate low power hungry computer. 😉

@leexgx

3 жыл бұрын

@@brostenen it would still cause problems for the router, be like a 10 minute delay when opening the connection page (just joking) port scan auto ip block and fail2ban is the way as it just ignores that ip then witch does not use much resources

@Uaellaen

3 жыл бұрын

@@leexgx did you check out what that endless SSH thingi does? you can have 20k connections and prolly use less then 1% of your ressources to keep them busy ... and fail2ban would need more ressources to handle 20k attackers, way more ...

@leexgx

3 жыл бұрын

@@Uaellaen fail2ban will ip block after 5 attempts in say in 60 seconds and 2 month ip ban (what ever you have set it to, most will get ip banned in first 1-2 seconds due to high rate of attempts in short time) so any connections once ip banned, it will be ignored so no way it can get to 20k connections because the firewall is flat out ignoring the ip's

@SteveJones172pilot

3 жыл бұрын

@@leexgx but then fail2ban is managing a 20000 line firewall rule, no? That's got to have a hit on firewall performance?

moving your SSHD to another port is a good practice, however a simple nmap on your IP will reveal it. Real hacker's script usually does a kind of nmap to list possible vulnerabilities. Good video

I honestly love mitigation techniques like this one; they are simple, effective, and feel a bit trolly ;)

@computer_toucher

2 жыл бұрын

simpler and more effective is to turn off password logins altogether, who even uses those any more

@HarryBallsOnYa345

2 жыл бұрын

@@computer_toucher well time is money, so if your wasting time with passwords your not making money XD

@dutchdykefinger

2 жыл бұрын

I used the old honeypot for my ftp server The real one was on another port on tls But i just ran one on port 21 to throw off the scanners. Then also allowing anonymous in a sandbox with specifically tailored ratios and all server messages all being the same so the warez bots wouldnt get wise on it and just fuck up their time trying My reasons for doing that were absolutely trolly Although that word wasn't used for it back in 2004 orso lol

@99mage99

Жыл бұрын

@@computer_toucher Valve just used a similar honeypot method to ban thousands of cheaters in Dota 2. Simple, cheap, and effective, and has nothing to do with passwords. An ounce of prevention is worth a pound of cure, and mitigation techniques in cybersecurity is just part of the prevention process.

@reoffending

9 ай бұрын

Lmao, I was able to bypass it by modifying literally one line of my script

Damn I actually love Wolfgang's desk setup so much

@dbtest117

3 жыл бұрын



@WolfgangsChannel

3 жыл бұрын

@@dbtest117 no apple desktop computers in this house

This is the least efficient way of "protecting" an SSH server I have ever seen, but also the funniest without a doubt

@agentbarron3945

3 жыл бұрын

eh its basically just security by obscurity to stop automated botnet random ssh attacks, you definitely should set up a fail2ban as well or ideally just only allow certain devices to ssh onto your server would be the safest. like the dude said its only a timewaster that you would likely throw into a raspberry pi and enable on all the typical ports someone would use to waste a botnets time and resources from actually doing some damage to someone without security setup like you or I would

@WolfgangsChannel

3 жыл бұрын

Agree on most points but it's not security by obscurity. We camouflage our military vehicles, but they still have armor underneath that camouflage. In this case your armor is public key auth, fail2ban and 2FA on your real SSH server.

@kaptainkrunch593

3 жыл бұрын

no, the least efficient way is just changing the port of SSH and hopping the hacker won't sniff it :p at least now, you have something pretenting to be SSH server and acting like one, and nothing prevent you to put some rules and fail2ban on your real SSH on top of that :p

@mariosk888

3 жыл бұрын

Agreed! this is even worse than port knocking, just use fail2ban and public key

@kaptainkrunch593

3 жыл бұрын

@@mariosk888 that wasn't my point lmao

Amusing, but I would rather setup fail2ban, as your real ssh server can still be hammered. Or do both

@luca-dallavalle

3 жыл бұрын

I was writing the same thing. 👍🏻

@janmejayjoshi

3 жыл бұрын

Both is good

@danmerillat

3 жыл бұрын

run ssh on 22 as normal, configure f2b to a rewrite rule that dumps them to the endlesssh port instead of reject.

@cosmicpegasis7591

3 жыл бұрын

Yeah isn't this completely useless after an nmap scan?

@janmejayjoshi

3 жыл бұрын

@@cosmicpegasis7591 nmap.org/book/nmap-defenses-trickery.html

Thanks for sharing this is pretty cool. True someone can script a timeout but the thought of slowing down even for 15 seconds seem to be worth it.

Dude your content is great, so glad i'm subscribed, keep it up ! :)

Hacker: let's add a timeout to the script ...

@fmslickful

3 жыл бұрын

Yeah like if the banner takes more than x to load lol

@1996Pinocchio

3 жыл бұрын

Chances are the hacker doesn't know about SSH headers

@drstein42

3 жыл бұрын

Just call the line in the script which tries the ssh connection using the timeout program.

Who would win: 758 SLOC C program vs Single line addition to add timeout to brute force.

@danmerillat

3 жыл бұрын

Even if they timeout after 15 seconds it's doing the work of drastically slowing them down.

@Exitof99

3 жыл бұрын

It's not like hackers do everything in series. They can be running parallel attacks, so it's a moot point that they might be slowed down by even a 15 second timeout. Also, hackers adapt. If they detect what they think is a honeypot, they can always do some port scanning for alternate open SSH ports. Basically, if port 22 timesout, run port scanner and continue on the new port.

@simolx

3 жыл бұрын

@@Exitof99 that's what i thought too, just do an nmap scan before, who would be so stupid to just assume that there's an ssh server at that ip address and, just go for it....... it would be so dumb

this is awesome, i love the idea of just teaching people to stop doing shoot the hard way

Cool! Never knew you could show a banner before getting into the server. thanks for the video :)

0:46 when you see your password you used on some older sites scroll through the word list....

@simolx

3 жыл бұрын

ahahahahh, sad story

As an addon I would recommend putting your real ssh port on a really high port number. Most hackers use default port scanning of the most common port and dont even scan port 5000+, so yeah :) free tip! :D

Thanks for this video. Looks fun. I'll do it. Also, glad to see another fish user!

just found your channel and it's DOPE AF! instant subbed!

So, it's a tarpit. Brill. Also, just FYI, there's an official debian package in buster-backports. I have my real ssh on a very odd port AND hidden by fwknop, just for a bit of extra; key-only auth of course. But I am actually thinking about installing this...

@m8_981

3 жыл бұрын

hmm dont think thats really necessary.. btw if u got multiple hosts i highly recommend setting up a ssh bastion. This way you only have to open 1 ssh port ;)

scripts will just adapt to close the connection after 10 second timeout and try another port

@xtra9996

3 жыл бұрын

This or just do an nmap scan to see open SSH ports. nmap is the very first thing I'd do anyway.

@mulllhausen

3 жыл бұрын

@@xtra9996 i think the video is talking about automated scripts hunting the internet to find vulnerable ssh servers. but yeah if they have a particular target in mind they'd definitely start with nmap, and not just on the nmap default ports

@mulllhausen

3 жыл бұрын

@@anserinae i'm saying the 10 second timeout should be added to the client side script. i suspect this has already been done

@xtra9996

3 жыл бұрын

@@mulllhausen Okay, but you can automate nmap as well.

@mulllhausen

3 жыл бұрын

@@xtra9996 err sure. The point of the honeypot is that the attacker has already found your SSH server and now is trying to use it to access your system.

I’m so glad I found your channel. I’m just on the back log of watching every video you have, haha. You’re very knowledgeable and I love the humour in your videos. I know this is an older video but I was wondering what is your profession in day to day life? Thanks again for the quality content.

@WolfgangsChannel

2 жыл бұрын

I'm a frontend developer/UI designer :)

@dpsfitness7375

2 жыл бұрын

@@WolfgangsChannel thank you for the response. I kind of gathered because of how 2nd nature it is to you! I’m trying to learn bits and bobs. Thanks again for the awesome content. Have a good day sir!

That cutaway to the “hacker” at the beginning cures my depression.

silly question. Couldn't you just do an nmap scan and figure out the actual port is 69?

I have a local server that's not previously exposed to the internet, but I installed this and forwarded port 22 on my router to this service just to trap some bots. Feels like I'm doing a tiny little something to keep the most basic bots busy at least. Great video! I subscribed!

That thumbnail is perfection 👌

Thank you for the infomation, question: have you tried to install a honeyspot? to see what these bots do after logging in

Or, you could setup Guacamole so you can ssh from there and setup endlessh for those trying to connect directly.

Though I wonder if this could potentially introduce a new threat surface. Haven’t looked at the code yet though.

@theawesomegamer123

3 жыл бұрын

Potentially, but I imagine that it be like a door on a wall kind of deal as there is no connection to the real server, yes the person might be able to break through the wall but it doesn't lead to anywhere

@Sergeeeek

3 жыл бұрын

Does it run as root? If so then it's better be perfect and not have any buffer overflows or anything

@parkamark

3 жыл бұрын

@@Sergeeeek That's why you don't run it as root. You run it on a non-privileged port, its default is 2222, as a normal user. I've done this and then done a NAT port redirect from port 22 to 2222 for clients that are not permitted access.

@Sergeeeek

3 жыл бұрын

@@parkamark makes sense. Didn't think of port redirection

@jersute

3 жыл бұрын

@Irish Catholic Resistance the tarpit never starts the exchange. this program speaks zero ssh (or any) protocol. it is simply a reverse slowloris spewing gibberish to keep the channel alive. any client that times out after failure to receive SSH2_MSG_KEXINIT will bail. a lot of clients will happily wait forever for it. that's why this works.

I really like this concept!

I wish I knew what you were doing and how to even begin to try such a thing, but it is awesome!

1:29 XD Nice vid btw

2/10 no actual bonk meme included

Great short video with good production, 👌

Superb video contains deep knowledge... Keep on going brother

It would be nice if you could set this up in a way where you could keep ssh on the default port, but only lock up their ssh session if they enter a password from the common default password list. So if you enter an incorrect password like soi3$%as1s, the authentication would just fail, but if you tried something in a predefined list like "hunter2" or "123456", it would lock up the session with the banner. Not sure if something like that would be possible.

The only flaw I can see is when the hackers sees the login attempts slow down to a crawl, they're going to know they're stuck in Endlessh and just exit out. Stick them into port 22, keep the speed at normal, but also make sure that even if they happen to get the right password, it fails and they keep on going. Like you say, they could waste months even though they hit the correct password ten hours after starting.

KZread algorithm brought me here. GREAT video!!

There have never been escalation vulnerabilities. This is 100 expert advice from a guy who knows his 1s and 0s!

holy crap. I just did "sudo lastb -a | more" on my vps and found hundreds of attempts made today!

@mentalmarvin

3 жыл бұрын

@mister.T Jr Thanks! I replaced it with a 5-digit port. No new login attempts yet

@Jimmy_Jones

3 жыл бұрын

@@unverifiedapk My public IP changes daily.

@Jimmy_Jones

3 жыл бұрын

@@unverifiedapk BT in UK. I know it happens because I have to automate cloudflare updates for my website and VPN. Have to pay extra for a private IP.

@leexgx

3 жыл бұрын

@@unverifiedapk if your on cable, DOCSIS tech it's normally semi static but basically is static as long as your router is not been disconnected for more then 8 days (I won't say the other way you can change it as its fun permanently banning cable connections) vdsl and adsl every reconnect is a new ip, unless you pay for a static (unsure but I would assume FTTP is same as vdsl/adsl unless you pay for static) This is how it is generally works world wide

@Uaellaen

3 жыл бұрын

use RSA key authentication instead of password

Strange, on the servers we are using when someone fails to fill in the right credentials within 5 minutes the IP is blocked...

@auronkardek

3 жыл бұрын

He says it's the boring way to protect servers. It's only a funny way and tbh why not adding this on top of fail2ban

@hetayy

3 жыл бұрын

Also useless if the IP changes constantly

@friction5001

3 жыл бұрын

@@auronkardek id just do it for fun and to troll hackers

@luisderivas6005

3 жыл бұрын

@@hetayy Yes, because attackers have an endless supply of IP's. LOL.

ill sub to this guy, for giving me ideas to literally mess up the hackers

Thanks My SFTP server has been getting a lot of unwanted attention. I moved the port to a high port number, and protected the connection with Fail2ban. Still lots of unwanted attention. Fail2ban worked but I was getting attacked by hackers who were changing their IP address after every attempt, Fail2ban was banning hundreds of IP addressed an hour. I tried your sticky honey trap created about 50 sticky ports with the real SFTP and SSH ports amongst them. So far no problems are being recorded in the logs - so thanks

Wow a 5 minute video with 5 minutes of solid information. Not a 11 minute video with 2 minutes of eh information. You just earned yourself a sub and a spot on my whitelist, something very very few KZreadrs get from me.

4 dislikers are black hat hackers.

@destiny_02

3 жыл бұрын

40

Brilliant. This is a video worth watching :) thanks.

It's in the ubuntu focal repositories. Many thanks, great tip!

Well this is relevant to me xD (wasnt using the normal port of cause but still got spammed with these) i just stop port forwarding ssh and just using OpenVPN to my house then ssh in.

Now we need fail2endless!

@Uaellaen

3 жыл бұрын

you can do that already :p setup fail2ban to not iptables drop them but forward them to endless ssh

A lot of attackers don't just try the default port, they scan your ip and will see the other port as well. However, having a banner some pages long on your regular login address would still slow a brute force/dict attack to a crawl and not be worth doing.

If one was sepecifically targeting you they would scan for open ports first and notice that there are two ssh services running. In that case it wouldn't be of much help. But to be honest, that is highly unlikely. Most of the time it will be a random attack and against that I really love this method.

fragile; propably the best description for a mac

@WolfgangsChannel

3 жыл бұрын

It’s my Debian NAS 😂

@urugulu1656

3 жыл бұрын

@@WolfgangsChannel sad apple hate noises...

I just moved my SSH server to a different port, have done so for a very long time, I'd rather people not know my computer is there at all. I have also recently set up wireguard VPN server and SSH in over that for some extra obscurity. But just moving ports is good enough, not seen anyone try to login but myself.

@svampebob007

3 жыл бұрын

yep that's waht I do with all my servers that are publicly visible, and also for the most part on the lan too, it's just not a good idea to use the "standard" if you can avoid it. Though one thing I've been looking at is changing the response of a nmap scan or what ever. I found a post from 2007 that had some code that would make your server advertise any port as any random service, so that it would essentially make your one IP look like a whole host of servers. this means that if you get the answer "port 69 is ssh" it could actually be a website, making anybody nosy enough have to investigate further, and trying to connect with the wrong protocol would make you waste a lot of time. But in his final note he added "due to the legality of such a project I'm not sure I can continue publishing this" and I haven't found anything that does exactly that. It really sounds like a great idea, but I have no idea how you could do that.

@brostenen

3 жыл бұрын

Well... If they dont see a "server" at the usual port, then they know that something funky is going down. Better lure them with some psychology trick. 😉

back on early 00's i was part of a community that ran on a telnet/mud chat server. we were never too much of elitist jerks but people got banned every now and then. and at some point someone who got banned got pissed off and spread address of it all around the internet, then we got flooded with people trying brute force attacks, come in to troll or never said an word for days doing god knows what. at some point the owner had enough and did this thing where all those people would be funneled to a fake chatroom where few days of chat log would replay in a loop plus it would randomly grab a username from them and make up random messages like "hi ", "i agree", "ok", "should we change subjects?" and so. it was painfully effective, people would only realize something was wrong after they saw chat repeating since we only had something like 2 days of logs. eventually random people got caught into it and everyone felt really bad for making some poor random talk to a walk for days and turned the whole thing off

Great video 👍 Keep it up❤️

I just looked at my auth logs and saw: rustserver steam alpine root

I wonder how many bruteforce attackers it would take to generate any kind of measurable load on that machine if it only respods with 1 line every several seconds :D Very cool stuff - thanks for sharing!

@MrHaggyy

3 жыл бұрын

The number of attackers doesn't matter. The one line every second will limit it to zero even on a raspberry Pi. Only problem with that hard delay, you might end up having a hard time getting on you own machine.

Very good stuff. Thank you.

That is a really good piece of software. Should definitely check this out!

You scan for open Ports. So even If your SSH ist running on a different Port IT wont be hard to find IT. I would personally Just diactivate IT If you are running your Server at Home

@DUDA-__-

3 жыл бұрын

You overestimate ssh spraying attacks. They don't care about servers with a better login then admin admin. Or another ssh Port. If they do they are attacking you specifically and you should worry avout that. But if you really wanna make sure only you get into your server over the internet use a certificate for authentication.

2:15 я сейчас буду сканить все порты

@karpejev

3 жыл бұрын

Лол

@Levy1111

3 жыл бұрын

Поворот сюжета: во всех портах есть ямы с гудроном

Good job! Great work.

I deployed this on my server the other day (I already had SSH on a different port than default and set up public key login only) and I’ve already had countless bots attempt to SSH in. Some got stuck for over 20 minutes. There’s been bots from Russia, China, Peru, the UK, South Korea, all over the damn place. Pretty cool knowing that not only am I doing my part to waste these assholes’ time, but I’m also better protecting my server. I’m willing to bet that with a number of these bots, after they get trapped in the tarpit they probably blacklist your server’s IP so they don’t waste their time again.

Спасибо за подсказку :-)

@denys.martyniuk

3 жыл бұрын

Я не могу понять, он русскоговорящий или нет, английский смешанный, где то хорош акцент, а где то как будто русский. Похож на английский восточной Европы какой нибудь или американских пригородов

@fxsektor

3 жыл бұрын

@@denys.martyniuk русский он

I feel like you are going to make a lot of people lock themselves out of their server since you didn't show how to change the actual ssh server port

@WolfgangsChannel

3 жыл бұрын

Endlessh won't launch if the port 22 is already taken, no worries :)

Sounds similar to what we would put into a .plan or .project file back in the day on our Unix-like systems, when 9600 baud was “high speed”, so that when some user tried to use the finger command with your account, they would get this very lengthy animated plaintext message. Had to keep the stuff in a single line, and it used special characters, and the university banned such use of .plan and .project as a result of user complaints.

back in the early 90`s I had a remote login attempt, traced the ip, it was a school with a known address and ip, called them, spoke to the principal, they were baffeled and did not know what I was talking about. "There are some kids in your computer room trying to login into other servers". Funny stuff back then.

That's very cool, however if they find out that the sshd server is running on another port like 69 in your case using a port scan, they'd be able to attack it directly once again. So you need firewalling / blaclisting / fail2ban / VPN as additional measures. + of course public key auth instead of plain text passwords.

@youngfox9635

2 жыл бұрын

This was all over my mind, the attacker would def do reconnaissance before attacking (script-kiddies aside)

Easy fix against this protection: Use timeout in your bruteforce script, lmao

@WolfgangsChannel

3 жыл бұрын

All those script kiddies would be very angry at this comment, if they could read.

@MikeRushton

3 жыл бұрын

@@WolfgangsChannel yeah, are we really sure the majority of these brute force scripts don't just use ConnectTimeout?

this is amazing work

That's a great tip and great analogy

Great ideo. Could you hold the port closed for say 10 seconds after a failed logon or kick them off for an amount of time

So funny! I wonder if you could throw tcp wrappers into the mix here; “permitted” IP ranges could get the actual sshd and everything else would land in endlessh

Nice, tnx a lot. Already configured that on my server ^^

You sir, have earned a subscriber ✌🏻👍🏻

Nice one! 😈 Thank you for sharing ❤️

Cheems is in the miniature, excellent service 10/10

If you're doing anything automated with ssh you really don't want to let the client timeout by itself, it'll take forever (or, in this case, never do so). Adding something like this *_-o ConnectTimeout=3_* to your client arguments should usually be enough, but in some cases (e.g. remote automated tunnels over very unreliable connections) it could still hang for a long time. So, just to use the above and a wrapper that kill ssh if it hangs to much. Or write your own client. I don't think many will fall in such a tarpit. Not even many script kiddies as the scripts they downloaded, without understanding, will likely take care of such a scenario for them.

Thanks for this video Bro. I've been seeing email daily for over 300 hacker attempts. Now that endlessh is running on my server, I'm curious to see what the number daily will be.

I was holding my breath waiting for you to pronounce that Patreon name... Great video tho, will definitely give it a shot just for fun

I liked the terminal hints while typing. What she'll and plugins are you using for that?

@WolfgangsChannel

3 жыл бұрын

Fish, all defaults

Reverse slow loris in a way... I love it.

*in theory* provided there are enough servers running Endlessh, someone could do a "SSH amplification DDoS attack" as the script provides an amplification ratio greater than 1, similar concept to NTP amplification DDoS attacks...

@WolfgangsChannel

3 жыл бұрын

Pinned comment

Thanks for the review of the usefull stuff. Do you know about existing of any analogs for the sip protocol?

@WolfgangsChannel

3 жыл бұрын

Not really, you pretty much have to rely on fail2ban

@MasterShuShuShu

3 жыл бұрын

@@WolfgangsChannel It's bad solution, cause smart scanners replaces some information in sip headers and you can't determine source IP addresses from asterisk log file. So I was forced to write my own scripts using ngrep. They are works well, but it deosn't interrupts bots.

I love this program! endlessh.log file on my home server has grown to 33mb since July! I haven't done much analysis on it, but it seems to be mostly Chinese bots :) I'm not super happy with it running as root (although creator says it is ok), but was too lazy to do a iptables redirect yet.

Thanks for the laugh @2:14.

Really cool, thanks!

Ah yes, the slow loris in reverse, great idea!

Excellent idea!

Dude you are freaking awesome!

Random question: what is the clip around 20 seconds from? The rotating space-ship thing in the middle looks familiar and I'm looking for a source-ier source.

@WolfgangsChannel

3 жыл бұрын

kzread.info/dash/bejne/n51908OsgqSraJM.html

@mikebailey783

3 жыл бұрын

It reminded me of a PhoneJacker sketch (or may have just been one of the interstitials); the look to camera is beautiful.

Great video!

Good info, thanks.

which is better, to open a port, or a close a port, cascade logins if you really need to keep it open

great video! can we have more videos about configurable python based honeypots which collects and sends data to email?