CLOSED. Endlessh is an SSH tarpit

Watching SSH Jail on youtube I ask can this work in (on?) OpenWRT running openwrt-21.02 branch (git-21.357.58218-b3cd473)? I have a TP-Link Archer C7 (v2) router. Code at GitHub: Endlesssh, or is this program solely for network storage?

1 Like

For sure - SSH tarpit that slowly sends an endless banner

Unless you really know what you're doing, on dedicated and closely monitored gear, just don't do it. This opens up yet another -barely audited- potential security issue. By default, ports are closed on OpenWrt, and that's where the attack ends - your tarpit now opens the ssh port in an attempt to keep your attacker busy (rather than skipping over your router and trying their luck on your neighbours), while that might give you a warm feeling that you've done something against them, you now also rely on this barely audited piece of software not to hand out the keys to your kingdom (the ssh protocol has many features, who knows if that software correctly closed all of them and that its main banner environment can't be escaped).

3 Likes