Build a fake SSH server under OpenBSD with PacketFilter and sshesame

LinaSovereign - 3rd August 2017 - OpenBSD / Security

Introduction:

If you host a public server with an SSH daemon, you should be familiar with brute-force attacks…

$ cat /var/log/authlog

Aug  3 12:00:47 blog sshd[25418]: Failed password for root from 1.164.135.169 port 35320 ssh2
Aug  3 12:00:51 blog sshd[25418]: error: maximum authentication attempts exceeded for root from 1.164.135.169 port 35320 ssh2 [preauth]
Aug  3 12:00:51 blog sshd[25418]: Disconnecting authenticating user root 1.164.135.169 port 35320: Too many authentication failures [preauth]

I solved this problem years ago with PacketFilter, so only the people connecting from my local network or my VPN may access my SSH server:

$ doas vi /etc/pf.conf

# Hosts allowed to reach sshd: the local network and the VPN prefix.
table <allowsshd> { 192.168.1.0/24, 2a01:cb06:3e0:eb00::/56 } persist
# Drop SSH connections arriving on re0 from anything outside the table, before sshd ever sees them.
block drop in quick on re0 proto tcp from !<allowsshd> to any port ssh
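Once that rule is loaded, sshd only ever sees connections from the <allowsshd> networks, so any "Failed password" line that still shows up in /var/log/authlog must come from an allowlisted host and deserves a look. The following script is an added example, not part of the original post: it parses authlog lines in the format shown above, counts failures per source address, and checks each source against the two networks from the pf table (the sample log lines are constructed, except the first one, which is taken from the post).

```python
import ipaddress
import re
from collections import Counter

# Networks copied from the page's <allowsshd> pf table. Anything outside
# them is dropped by pf, so failures from these ranges are the only ones
# that can still reach sshd.
ALLOWSSHD = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("2a01:cb06:3e0:eb00::/56"),
]

# Matches OpenBSD sshd "Failed password" lines in /var/log/authlog,
# including the "invalid user" variant for non-existent accounts.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_failures(lines):
    """Return (source address, user name) for every failed-password line."""
    hits = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            hits.append((m.group("src"), m.group("user")))
    return hits


def in_allowlist(src):
    """True if src lies inside one of the <allowsshd> networks (v4 or v6)."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWSSHD)


def summarize(lines):
    """Failures per source, flagging sources the pf rule would NOT block."""
    counts = Counter(src for src, _ in parse_failures(lines))
    return {src: {"failures": n, "allowlisted": in_allowlist(src)}
            for src, n in counts.items()}


# Constructed sample: line 1 is from the post, the rest are made up to show
# an allowlisted host failing twice and a non-matching disconnect line.
SAMPLE_AUTHLOG = [
    "Aug  3 12:00:47 blog sshd[25418]: Failed password for root from 1.164.135.169 port 35320 ssh2",
    "Aug  3 12:00:51 blog sshd[25418]: Disconnecting authenticating user root 1.164.135.169 port 35320: Too many authentication failures [preauth]",
    "Aug  3 12:05:02 blog sshd[25502]: Failed password for invalid user admin from 192.168.1.23 port 40122 ssh2",
    "Aug  3 12:05:09 blog sshd[25502]: Failed password for invalid user admin from 192.168.1.23 port 40122 ssh2",
]

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_AUTHLOG).items():
        print(src, info)
```

Run it against the real file with `summarize(open("/var/log/authlog"))`; entries marked `allowlisted: True` are the ones worth investigating, since pf let them through on purpose.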

But… I asked myself: what if I could make hackers lose their time, like I'm doing with mail spammers and spamd? So I decided to set up an evil plan!
