Category: Honeypots

Kojoney SSH Honeypot, installation (CentOS) and configuration

I decided to give the second well-known SSH honeypot a try, the software that Kippo was inspired by: Kojoney. It is a low interaction honeypot that emulates the SSH service, and it’s written in Python like Kippo. I’m using a system with CentOS 5 32-bit installed, but the following should work for higher versions as …

Some Dionaea statistics

I thought I should share some statistics from the Dionaea honeypot, after ~4 days of operation. My dionaea.log file is around 135MB, the SQLite database is around 68MB, and the system downloaded 45MB of malware. Automatic uploading to VirusTotal did not work for some reason though. Using Infosanity’s script, here is the output: And …

Starting with Dionaea malware honeypot

Since Kippo is doing fine and there are some other interesting things out there apart from SSH dictionary attacks, I decided to run Dionaea as well in order to get a better understanding of malware distribution. So, I found myself on the official Dionaea website ready to proceed. The amount of information there and the …

Kippo-Graph 0.6.2 released.

Another update for Kippo-Graph, after the 0.6 “milestone”, reaching version 0.6.2 (as you may have noticed, I might have abused the versioning system a little, so from now on there will be small increments better reflecting the work done). It includes two new features for the Kippo-Geo component: hostname resolution for the top 10 IPs and …

Kippo reveals itself with ‘w’ and ‘uptime’ commands

It occurred to me suddenly today that in every TTY session I see online, if the attacker runs the ‘w’ command, an uptime value of ~14 days is shown. I checked it and it’s true. Kippo has the following output for the ‘w’ command hardcoded into its source code: up 14 days, 3:53. The same …

Kippo2MySQL v0.1.1 update

Due to the move of the blog to this domain, I have updated Kippo2MySQL with the latest information and contact details.

Download Kippo2MySQL v0.1.1 here: kippo2mysql-0.1.1
MD5 Checksum: 1D1C664902B20BDA941538B86DA2DAEE
SHA-1 Checksum: 47F0544AADC5FC3362E317C5BB586A90CF0E0138

Kippo-Graph and Kippo2MySQL update

Due to the move of the blog to this domain, I have updated Kippo-Graph with the latest information and contact details.

Download Kippo-Graph v0.6.1 here: kippo-graph-0.6.1
MD5 Checksum: 4FD2389B223DFD699E855E66094E65F3
SHA-1 Checksum: 1DAD2618F6B756CD3645096971D17776950640EA