So, unlike the girl on the left here, it seems that my honeypot as yet isn't enticing enough to warrant a look. Since I set the honeypot up a few weeks ago, all I have seen are port scans checking that the SSH port is open.
This has also tied in with some work travel and responsibilities, but hopefully this week I will get some time to set up Kippo Graph and look at ways of making my server look more enticing, enough to at least warrant a brute-force attempt against it!
At the moment my SSH honeypot isn't getting a large number of hits; the only interactions thus far have been with what would seem to be port scanners, where the connections are made and dropped within a few seconds with no user interaction. I have changed the default root password from "123456" to "Password1!" and changed the hostname from "nas3" to "Dev-server" in an effort to disguise it a little bit more.
The flat log files produced by Kippo are a good start, but later versions of Kippo come with the ability to log directly into a MySQL database, which will allow for more powerful integration with other data as well as make it easier to extract information. So, while I wait for further interactions on my honeypot, now would be a good time to continue optimisation and automation of the process so I'm set up for the long haul. Luckily, later versions of Kippo are ready to log straight to SQL with minimal configuration, and instructions are provided on the Kippo project page.
With time being a commodity I do not have a lot of, it has quickly become apparent that the enthusiasm I now have for logging in and checking my Kippo honeypot every day will eventually wane. While Googling around for some ideas on what to look for when running Kippo, I came across the blog post "Reviewing Kippo Logs", in which the author, Andrew Waite, provides his script for a daily review of Kippo logs via email; I will look at customising this script to run on my honeypot.
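As an added example (not Andrew Waite's script, nor code from the Kippo project), here is the kind of daily review that separates the connect-and-drop port scans described above from real brute-force attempts and successful logins. It assumes Kippo's text log line format and runs over a constructed sample log; the addresses, session ids and the five-second scan window are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of Kippo's text log (format assumed; addresses and ids made up).
SAMPLE_LOG = """\
2013-03-04 02:10:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 198.51.100.7:41022 (10.0.0.5:2222) [session: 1]
2013-03-04 02:10:03+0000 [HoneyPotTransport,1,198.51.100.7] connection lost
2013-03-04 03:22:40+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.9:50211 (10.0.0.5:2222) [session: 2]
2013-03-04 03:22:41+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.9] login attempt [root/123456] failed
2013-03-04 03:22:42+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.9] login attempt [root/Password1!] succeeded
2013-03-04 03:25:10+0000 [HoneyPotTransport,2,203.0.113.9] connection lost
"""

TS = "%Y-%m-%d %H:%M:%S%z"
NEW = re.compile(r"^(\S+ \S+) .*New connection: (\S+):\d+ .*\[session: (\d+)\]")
LOGIN = re.compile(r"^(\S+ \S+) .*HoneyPotTransport,(\d+),\S+\] login attempt \[([^/]+)/(.*)\] (failed|succeeded)")
LOST = re.compile(r"^(\S+ \S+) .*HoneyPotTransport,(\d+),\S+\] connection lost")

def parse_sessions(text):
    """Group lines by Kippo session id: source IP, start/end time and (user, password, result) attempts."""
    sessions = {}
    for line in text.splitlines():
        if m := NEW.match(line):
            sessions[m.group(3)] = {"ip": m.group(2), "start": datetime.strptime(m.group(1), TS),
                                    "end": None, "attempts": []}
        elif m := LOGIN.match(line):
            sessions[m.group(2)]["attempts"].append((m.group(3), m.group(4), m.group(5)))
        elif m := LOST.match(line):
            sessions[m.group(2)]["end"] = datetime.strptime(m.group(1), TS)
    return sessions

def classify(session, scan_window=5):
    """Connect-and-drop within a few seconds with no login attempt reads as a port scan."""
    if session["attempts"]:
        return "login" if any(r == "succeeded" for _, _, r in session["attempts"]) else "brute_force"
    end = session["end"] or session["start"]
    return "scan" if (end - session["start"]).total_seconds() <= scan_window else "idle"

def daily_summary(text):
    """Session counts per category and passwords tried: the body of a daily review mail."""
    counts, passwords = defaultdict(int), defaultdict(int)
    for s in parse_sessions(text).values():
        counts[classify(s)] += 1
        for _, pw, _ in s["attempts"]:
            passwords[pw] += 1
    return dict(counts), dict(passwords)

if __name__ == "__main__":
    print(daily_summary(SAMPLE_LOG))
```

Pointing `daily_summary` at the real kippo.log and piping the result into a mail command is enough for a once-a-day check without logging in.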
This is the first time I am setting up a honeypot, and I'll be taking my time and going through two different set-ups. Firstly I'll set up and play around with Kippo, and then once that is up and running I'm going to also install dionaea.
"Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker".