I am pretty close to start sending out complaints
for successful sshd – logins on my kippo honeypot.
The X-ARF part is ready. I decided to add the recorded
commands in the 3rd MIME-part. The ttylog could also
be useful, but the receiver of the complaint is probably
not so interested in starting the playlog utility for
each complaint.
I still need to implement a database check so that receivers
only get a handful complaints and are not overwhelmed by the
number of complaints..
Additionally the catched ips will be added in our blacklist,
just like in the attacks cachted by nepenthes.
Dionaea-attacks will come next 🙂


Leave a Reply

You must be logged in to post a comment.