Archive for December, 2011


Wednesday, December 28th, 2011

After trying to build some nice graphs for the kippo-honeypot with PyCha I found

this little toolbox making things way better than I did:

kippo-graph Homepage (link fixed)

Here are the first results from my honeypot: (no live db-queries made, so Inputs
are not visible right now) Kippo-Stats

kippo stats

Wednesday, December 14th, 2011

The kippo honeypot is now running for about a week..

Up to now I have seen

* more than 1.3 Million Connects

* more than 7.100 successful logins

* > 2.200 commands typed

* more than 2.100 different Source IP addresses

* 178 Files uploaded, most of them psyBNC bouncers

Whow.. I expected *some* brute-force atempts, but that much?

successful ssh brute-force found by kippo

Wednesday, December 7th, 2011

The sshd – honeypot named kippo is a fun tool to play with. After installing it I found
more than 1000 successful logins in about 12 hours! Most logins do nothing
after having success, but some are downloading files and try to do “things”:

-rw——- 1 kippo kippo 81211778 Dec 6 23:20 20111206231910_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 34603008 Dec 7 01:19 20111207011938_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 53477376 Dec 7 01:21 20111207012055_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 3513408 Dec 7 01:21 20111207012120_http___www_steampowered_com_download_hldsupdatetool_bin
-rw——- 1 kippo kippo 608074 Dec 7 08:46 20111207084559_http___4u_moy_su_bnc_jpg

coming from commands like:

CMD: wget;tar zxvf bnc.jpg;rm -rf bnc.jpg;cd .log;./go

I will try to build some public stats later..


Tuesday, December 6th, 2011

A twitter-message:


“Under SOPA, you could get 5 years for uploading a Michael Jackson
song, one year more than the doctor who killed him.”

For those who don’t know, what SOPA means: