1. 4
  1.  

  2. 6

    Seems like an awful lot of C for something that could be done with a 6 line shell script run by inetd.

    edit: not to denigrate the effort, but this feels overkill for something as simple as telnet :-)

    1. 5

      Most of it seems to be devoted to accurately reproducing the telnet negotiation protocol and providing the session with a secure chroot() jail.

    2. 3

      What does it illustrate? That it can be done, or something else entirely?

      1. 2

        I think is a fun project. I always liked small tools written in C that do one thing well enough since you can use them and learn about the code in only a few minutes/hours.

      2. 3

        sshd equivalent of this would be interesing, I would deploy it on some of my VPSes and see what dictionaries my chinese friends are using ;)

        1. 2

          I never got around to it but thought about changing sshd code so that when PasswordAuthentication is not offered but the client sends a password anyway, that password is logged somewhere. (Bruceforce tools tend to not respect the protocol).

          1. 4

            You asked for it, you got it: https://github.com/desaster/kippo

            1. 1

              Thanks, but I was unclear. I don’t want to run dedicated honeypots. I just wanted to augment my production environment to indicate trends among attackers.

              1. 1

                It seems that kippo has a fork which is more complete, named Cowrie: http://www.micheloosterhof.com/cowrie/. It’s very nice, it even converts the tty logs to asciinema. Thanks!