1. 5

  2. 4

    [..] kippo has not had any real security audit done on it, [..]

    And it depends on twisted and, of course, python. I am lacking the happy feels in my tummy.

    1. 2

      I used it for a university-internal security lab. It was easy to set up and did its job.

      Though I’m not sure I’d deploy it on any Internet-exposed instance just yet.

      1. 2

        I ran a kippo honeypot for about three months - and while it was useful to see what passwords were being used against particular accounts - it was interesting to see that none of the password guessers ever tried to log into the system, even when they successfully guessed the password…

        1. 2

          I used to run a lot of Kippo instances with great results.

          The ‘problem’ with medium interaction honeypots is that usually they’re easy to detect once you know their tells. There are a lot of ways to detect Kippo. There are a number of Kippo forks available that fix the above issues, plus a lot more.

          After running a honeypot for a while, you start noticing steps people/bots take to detect honeypots so you can start self-patching the honeypot to differentiate it, but it’s a constant cat and mouse game.

          1. 1

            Could you please share with us the kippo forks that solve those issues?