top | item 37800024

(no title)

I've build a simple telnet honeypot that emulated some embedded device. I also got thousand of samples. I think it was mostly different strains of Mirai.

I learned some things about how bots fingerprint the honeypots, and patched it accordingly that they do not identify my service as a honeypot.

The funny thing about this was, that my ISP send me a letter (by post o.0), that i run a vulnerable service on my network.

The honeypot had a "MOD" from an old nuclear power plant, and did some random tarpit and randomly let random user/password combinations to log in.

It was a fun experiment

discuss

No comments yet.