Leon van der Eijk's Blog (7)

Kippo SSH honeypot over the years

For over two years now, my SSH honeypot kippo (developed by Upi Tamminen) has been receiving “visits” from all over the world. With an easy-to-guess root password, 123456, to shorten the brute-force attacks, I have gathered some interesting data/statistics.

So to sum things up:

First attack on Monday, 26-Jul-2010, 09:11 AM

Total login attempts 474433

Distinct source IP…


Added by Leon van der Eijk on December 24, 2012 at 7:56am — No Comments

Identifying unknown files by using fuzzy hashing

Identifying unknown files by using fuzzy hashing…




Added by Leon van der Eijk on July 25, 2011 at 11:56am — 6 Comments

Closing the loop

 …


Added by Leon van der Eijk on February 21, 2011 at 8:23am — 5 Comments

Kippo results worldwide

Using MaxMind to resolve found IP addresses on my kippo honeypot to longitude/latitude coordinates. The icons display "successful" brute-force SSH logins from all over the world (using the Google Maps API).


Added by Leon van der Eijk on October 24, 2010 at 7:36am — No Comments

Some kippo results

On the 23rd of July I started with the SSH honeypot kippo. So after a good two months I decided to collect all the URLs/locations those “1337 h4x0rs” are wgetting all their files from.

(rootkits/ircbots/scanners)

I came up with the following list:


Added by Leon van der Eijk on September 28, 2010 at 7:51am — 2 Comments

Password popularity contest on KIPPO honeypot

Kippo honeypot results after 2 weeks in production

Password popularity contest…




Added by Leon van der Eijk on August 2, 2010 at 6:47am — No Comments

Carving malware from live memory

Introduction

After spending some time in our laboratory, experimenting with some Ruby scripts for the Metasploit framework, I conducted a small experiment. I was wondering: what if I could carve files out of memory-dump files?! It could be possible to carve out portable executables/malware as well. This write-up demonstrates what I did.



How to get malware



Getting infected…


Added by Leon van der Eijk on March 1, 2010 at 4:11am — No Comments
