Friday, January 7, 2011

Medium interaction SSH honeypot

Thanks to a tweet made by HD Moore I found a hilarious website called iwatchedyourhack.org that posts transcripts of script kiddies attacking honeypots. :)

I guess many people are using SSH honeypots like Kippo.

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. 
Some interesting features:
  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in a UML (User-Mode Linux) compatible format for easy replay with original timings
  • Just like Kojoney, Kippo saves files downloaded with wget for later inspection
  • Trickery: ssh pretends to connect somewhere, exit doesn't really exit, etc.
