
  > I use a tarpit on all ssh
I would love to hear more about your approach, if that's not sensitive. My Gmail username is the same as my HN username if you prefer. Thank you!


I run an N100 with LXD so I have a container running one of the many ssh tar pits and point 22 and a bunch of other ports to it. It simulates an ssh login that very slowly sends ssh banner lines in the connection protocol, endlessly, until they disconnect.

It's commonly thought that they do nothing, but they seem to keep TCP connections open for quite a long time. I assume a hand-written scanning client could detect and mitigate the delay, but it's going to hold open the sessions on the firewall exit on the other side. If there are enough of these, maybe someone might do something.

Makes me smile when I look at the logs, that's enough for me.

It's been covered quite a bit here on HN.
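The mechanism described in the comment above, as an added example that is not the commenter's setup or Endlessh's code: RFC 4253 section 4.2 lets a server send arbitrary lines before its `SSH-` version string, so a listener can drip such lines forever. The port (2222), the 10-second delay, the client cap and the `max_lines` parameter are assumptions made for this sketch.

```python
import asyncio, logging, random, time

log = logging.getLogger("tarpit")
MAX_CLIENTS = 512   # assumed cap so the tarpit cannot exhaust its own host
_active = 0

def banner_line(rng: random.Random) -> bytes:
    """One junk pre-version line: hex only, so it never begins with 'SSH-'."""
    body = "".join(rng.choice("0123456789abcdef") for _ in range(rng.randint(3, 32)))
    return (body + "\r\n").encode("ascii")

async def tarpit(reader, writer, delay=10.0, rng=None, max_lines=None):
    """Drip banner lines until the peer gives up; returns lines sent.
    max_lines is a hypothetical knob used only to bound test runs."""
    global _active
    peer = writer.get_extra_info("peername")
    if _active >= MAX_CLIENTS:          # shed load instead of holding more sockets
        writer.close()
        return 0
    _active += 1
    rng = rng or random.Random()
    start, sent = time.monotonic(), 0
    try:
        while max_lines is None or sent < max_lines:
            await asyncio.sleep(delay)
            writer.write(banner_line(rng))
            await writer.drain()        # raises once the client has disconnected
            sent += 1
    except OSError:
        pass
    finally:
        _active -= 1
        writer.close()
        log.info("peer=%s held=%.0fs lines=%d", peer, time.monotonic() - start, sent)
    return sent

async def main(host="127.0.0.1", port=2222):   # assumed bind address and port
    logging.basicConfig(level=logging.INFO)
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The `held=` value in each log line is how long a scanner stayed connected, which is the number to watch when judging whether the tarpit still does anything.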


Thanks. Yes, I have heard of such an approach, I did not know that it is called a tarpit. I just googled the idea and found Endlessh, I'll try it. Thank you.


These tarpits have been around for a while now, do they even do anything anymore?



