January 24, 2012

SSH Honeypot Project – No more

By in Honeypot

I think it's time to move away from the SSH honeypot project I set up about a year ago. There are a number of reasons for this, which include:

Time constraints – Replying to ISPs / netblock owners to discuss issues can take time; the project sends out about 15-30 reports a day and would get a few replies to them asking for more information or, in some cases, a joint monitoring effort.

Cost – A few of the honeypots are donated (Big thanks to them! Rod, Jakob) but a lot of them I had to pay for. I got good deals but they are starting to run out now.

Discovery – I had to get IP addresses changed regularly as the IP addresses would get passed around or even posted in forums (found a few on Google searches). This was a pain to do; most providers changed them freely but some got a bit sticky about it, no wonder tbh.

Popular – SSH honeypots have become quite popular now, as have pre-built scripts for displaying stats such as Kippo-Graph, Kippo-stats and Kippo2MySQL, to name a few good ones. There are plenty of data sources up now to get decent information on any attacks that might be happening.

I won't bother releasing the PHP scripts to display the stats; they are pretty straightforward and there are alternatives (email me if you want them tho). I will upload the Ruby scripts that generate the charts to GitHub. I will also release the script that does recursive look-ups on WHOIS and then AS records to find the netblock address owners (too many wrong WHOIS records these days) and then reports the IP address.

I will keep the page up for historical reasons but it will no longer be updated. That being said I am very interested in honeypots and I am already working on a new honeynet project…

I will close all the honeypots by the end of the month.

January 23, 2012

To tweet or not to tweet?

By in Honeypot, Linux, Networking, Programming

I have set up a Twitter account, about time too eh?

I always wanted to set up an account for my honeypot project with the intention of updating it with the latest attacks but I just went and set up one for my own use instead! As a big fan of the terminal in Linux I wanted to try out Twitter clients that would allow me to see mentions, post updates, trends etc. There are a few such as TTYtter and BTI but they seemed really overkill for what I was after so I rolled my own. I will make a separate post and upload the Ruby code later tonight or tomorrow for the terminal client, it's pretty simple.

Honeypot Project

While I was ill two of the honeypots went down for a few days, leaving only 1 working. I think the honeypots might have been discovered or it could just be a serious drop in SSH attacks over the last month; they went 25 days without any malware downloaded, which is a bit weird.

Replying to all the abuse reports can get really time consuming (and frustrating) so I am thinking of just leaving it running with the 2-3 honeypots, just maintaining as is, and moving on to another project.

domRecon Project

This online tool that I made a while back tries to discover sub-domains; it's quite a popular tool according to page hits. I think I am going to re-write it in Ruby just so I can get used to sockets etc and maybe make the script a little bit more efficient!

January 9, 2012

Quick update

By in Linux

Just a quick update, the graphs for the honeypot project were broken for a few days into the New Year but I have now fixed them (got a few emails about it) :-)

Ended up in hospital over the Christmas period so I haven’t had much time to work on anything lately but hopefully I will get back into the swing of things shortly!

December 13, 2011

Humble Indie Bundle

By in Games, Linux

I don’t normally blog about gaming on Linux but I think I should mention the Humble Indie Bundle 4! You can pay whatever you want for the bundle!

As an avid Linux user I am always on the lookout for native games for Linux and the Humble Bundle packs never fail to deliver. This time around they have 7 Linux native games, 7!

  1. Shank – 32bit (.bin)
  2. Super Meat Boy – 32bit (.bin)
  3. NightSky – 32bit (.zip)
  4. Jamestown – 32bit (.tar.gz) (.rpm) (.deb)
  5. Bit.Trip Runner – 32bit & 64bit (.tar.gz) (.deb)

If you pay more than the average, currently sitting at $4.92 (£3.16), you get these 2 games added to the bundle.

  1. Gratuitous Space Battles – 32bit (.tar.gz)
  2. Cave Story+ – 32bit (.zip)

It would be good to see more 64bit games added to the bundle at launch but they do sometimes add them later on, which is always welcomed. Also it is good to see Super Meat Boy released on Linux after the developers had a few unfavorable words about Linux games a few years ago. I don’t think they understood that you don’t have to release source code for games or applications under Linux, which seems to be a common perception. Here are a few select quotes from an interview they did:

There’ll also be a Linux version, because (laughing) we’re gonna waste our time with a Linux version (laughs). Linux is garbage.

I can’t wait for some Linux programmer guy to e-mail me and say “I’ll port this for free”, because I already have the e-mail already written that I’m going to send back to him, and basically tell him to fuck off, indefinitely.

The source belongs to me, alright. So open source, no way. Linux, Linux can fuck off for all I care.

Update 1: Jamestown does support 64bit; however, it seg faults when you try and run it hehe
Update 2: None of the 64bit games work, how frustrating!

December 6, 2011

Honeypot Blacklist

By in Honeypot

Just a quick update to say I have added downloadable blacklists of IP addresses that have attacked the honeypots recently. You can download the blacklist in various formats such as IPTables, Cisco ACL or just a plain old text file!

Enjoy!

http://honeypot.jayscott.co.uk/ip/blacklists/
