And it depends on Twisted and, of course, Python. I am lacking the happy feels in my tummy.
I used it for a university-internal security lab. It was easy to set up and did its job.
Though I’m not sure I’d deploy it on any Internet-exposed instance just yet.
I ran a Kippo honeypot for about three months - and while it was useful to see what passwords were being used against particular accounts - it was interesting to see that none of the password guessers ever tried to log into the system, even when they successfully guessed the password…
I used to run a lot of Kippo instances with great results.
The ‘problem’ with medium interaction honeypots is that usually they’re easy to detect once you know their tells. There are a lot of ways to detect Kippo. There are a number of Kippo forks available that fix the above issues, plus a lot more.
After running a honeypot for a while, you start noticing steps people/bots take to detect honeypots so you can start self-patching the honeypot to differentiate it, but it’s a constant cat and mouse game.
Could you please share with us the Kippo forks that solve those issues?