Unusual Experience With Honeypot

January 1, 2016

Quite a while since my last post on Cybrary, but here it goes, as it seems a relevant topic. I have run honeypots for quite a few years, on and off, but I have never before seen the intrusion attempts I am getting nowadays. This is on one of my current honeypots (Cowrie, a fork of Kippo), which is part of a T-Pot (Deutsche Telekom AG Honeypot Project) server I set up two weeks ago on a VPS located in LA (USA). Over the two weeks since it has been set up, I noticed an increase in the number of intrusion attempts. In the last couple of days we are talking of about 1.5 million events per day as per my Kibana analysis. That is a few hundred thousand different login attempts per day! The vast majority (95%+) comes from two sequential IP addresses located in the Netherlands. To date the system has not failed yet, but with such a brute-force attack, I am getting nervous. Has anyone had similar experiences or has any advice?

Interesting...any info gathered on those addresses?

They are obviously a large server hosting provider; they used to have more than a reputation for hosting warez and torrents a few years back. They claim to have cleaned up their act since then. Of course the IPs concerned could have been hijacked.