Skip to content

Testing & Collecting various Honeypots using Modern Honey Network

Notifications You must be signed in to change notification settings

notmike/Honeypot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 

Repository files navigation

Honeypot

I implemented a Modern Honey Network with 6 different honeypots on Ubuntu 14.04 x64 Digitalocean droplets. The honeypots started receiving attacks immediately. After only 48 hours, my honey network had received over 6,000 attacks.

Here is the complete data collection from the honeypots (for your casual reading) : session.json

Here is a list of the honeypots I used on my honey network:

Most honeypots were straight forward during setup, and seemed to get attacked almost immediately. The only exception to that was my last honeypot which was running Glastopf. I tried to troubleshoot it to make sure it was running correctly and it seemed to be fine. I ran sqlmap against multiple injection points but no attacks registered on the MHN Admin server.

MHN Admin Server - Walkthrough

Attack Stats (most recent 24 hours)

Here I've listed the function of the most frequently attacked ports:

Attacked Ports Common Use
22 SSH
5060 VoIP
25 SMTP
445 Windows Server
3306 MySQL

Active Honeypots

Kippo Honeypot Charts

It appears that many of these bots are really only interested in the lowest hanging fruit, given the #1 SSH username AND password attempt was "support".

I was curious as to which countries were responsible for the attempts at brute-forcing ssh on the Kippo honeypot...

Attacker IPs Country
91.134.213.144 Bulgaria
198.24.171.250 USA
195.154.105.200 France
46.101.178.128 Germany
150.95.146.205 Japan

About

Testing & Collecting various Honeypots using Modern Honey Network

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published