Questions tagged [honeypot]

A honeypot is a system with vulnerable services left publicly accessible for the purpose of collecting data about intrusions and attacks. It usually has some kind of safeguards to prevent the complete takeover of the system.

19 questions
10 votes, 10 answers

Setting up a fake email address to trap spammers

I have heard it suggested that we set up a special email address, with its only purpose being to be harvested. Then blacklisting every sender that targets this address. I'm wondering: if anyone else has tried this how do you go about doing it (ie…
Brent
7 votes, 1 answer

How to forward FTP requests to another IP?

I have a VMware: 10.10.10.1, a linux in VMware (Guest): 10.10.10.128 and a honeypot on Guest: 10.10.10.15, and my Windows (Host): 192.168.1.11. I can send FTP requests directly from my Host to honeypot and the connection is established. Now I want…
ThisIsMe
5 votes, 3 answers

Setting up a Honeypot in an Enterprise Environment

I'm interested to see if anyone here who administers a large environment (200-500 Servers), and has a very large public customer base (100,000+), has set up (or has at least considered setting up) a honeypot? I'm especially interested for those that…
Xerxes
4 votes, 4 answers

Providing DNS redirection to honeypot server for known bad domains

Currently running BIND on RHEL 5.4 and am looking for a more efficient manner of providing DNS redirection to a honeypot server for a large (30,000+) list of forbidden domains. Our current solution for this requirement is to include a file…
syn-
3 votes, 1 answer

Is there any useful/funny HTTP redirect for all those vulnerability probes?

I'm sure your HTTP logs, like mine, are full of 404 errors of various probes for common vulnerabilities and such: File does not exist: /www/XXXXXX.XX/data/email File does not exist: /www/XXXXXX.XX/data/exchange File does not exist:…
Luke404
2 votes, 2 answers

Rejecting traffic where ACCEPT header is empty on favicon.ico requests

As part of filtering out potential harmful traffic, I currently reject traffic where $_SERVER["HTTP_ACCEPT"] is empty. I notice from my logs that a fair number of requests have been rejected due to the accept header being empty and some of them come…
mseifert
2 votes, 2 answers

Has anyone ever tried to collect passwords and user logins from ssh-attacks?

I guess it should be easily possible to open the ssh port with a fake ssh server and collect passes (I guess they aren't plain anymore and became hashes) and corresponding logins, e.g. a honey-pot. The idea behind that is to build a database and…
math
1 vote, 2 answers

Prevent using spam trap e-mail address on registration

I am running a website where the users register using their e-mail addresses and receive a confirmation code before they can log in. (After this every contact is opt-in.) Every now and then some user uses an e-mail address that does not belong to…
Gábor Héja
1 vote, 3 answers

How to have sshd write passwords associated with login attempts in logs?

I would like to gather common login/password pairs. Currently, I have this in my system.log file: sshd[9117]: error: PAM: authentication error for root from localhost via ::1 How can I have the password inside the logs? Edit: this is for my…
alecail
1 vote, 1 answer

Better place to redirect spam than black hole?

I use throwaway email addresses of the form sitename@mydomain.com whenever I sign up to newsletters. When I get spam to them I unsubscribe from the newsletter and forward them to ":blackhole:". Is there somewhere I could forward them to instead that…
Sam Hasler
1 vote, 0 answers

HIDS: Need a trip wire for a honeypot, best approach?

We run a small VPS hosting company, each vps is based on a fixed 18.04 template. We run a honeypot, a fallow server, to verify the template continues to be secure. We look at it probably once a month seeing what has changed, any intrusion of any…
DaBuddha
0 votes, 1 answer

Installed Kippo on a remote machine, can't get the root access back

This seems to be a foolish question, so I recently tried to install Kippo on my server (DigitalOcean). I logged in to the server using PuTTY, configured the honeypot etc. until it's working. Then the connection suddenly closed. So every time is SSHd…
Adam
0 votes, 1 answer

Beeswarm Honeypot Setup

I am working on a POC of Beeswarm and I'm running into an issue with connecting the drone. For the basic setup, I have the server working fine and I can access it via https://X.X.X.X:5000 (I get a certificate error due to accepting the defaults).…
Eric
0 votes, 2 answers

Throw brute-forcers into a honeypot, but still allow real SSH logins?

So just for fun I opened up SSH to the world and a few bots have latched on to my server (unsuccessfully trying to log in by password). But of course this fills up the logs. I've attempted to use DenyHosts, but somehow it's not really working, so I…
Tsaukpaetra
0 votes, 4 answers

Temporarily banning IPs for accessing certain ports

One of my server logs showed there was an unauthorized access attempt on a daemon listening on a non-standard port. That led me to wonder how often people run port scanners to look for vulnerabilities. Is there a program I can run as a honeypot to…
Lin