[..] kippo has not had any real security audit done on it, [..]
And it depends on twisted and, of course, python. I am lacking the happy feels in my tummy.
I used it for a university-internal security lab.
It was easy to set up and did its job.
Though I’m not sure I’d deploy it on any Internet-exposed instance just yet.
I ran a kippo honeypot for about three months - and while it was useful to see what passwords were being used against particular accounts - it was interesting to see that none of the password guessers ever tried to log into the system, even when they successfully guessed the password…
I used to run a lot of Kippo instances with great results.
The ‘problem’ with medium interaction honeypots is that usually they’re easy to detect once you know their tells. There are a lot of ways to detect Kippo. There are a number of Kippo forks available that fix the above issues, plus a lot more.
After running a honeypot for a while, you start noticing steps people/bots take to detect honeypots so you can start self-patching the honeypot to differentiate it, but it’s a constant cat and mouse game.
Could you please share with us the kippo forks that solve those issues?