January 1, 2016

Unusual Experience With Honeypot

Quite a while since my last post on Cybrary, but here it goes, as it seems a relevant topic. I have run honeypots for quite a few years, on and off, but I have never before seen the intrusion attempts I am getting nowadays. This is on one of my current honeypots (Cowrie, a fork of Kippo), which is part of a T-Pot (Deutsche Telekom AG Honeypot Project) server I set up two weeks ago on a VPS located in LA (USA). Over the two weeks since it has been set up, I have noticed an increase in the number of intrusion attempts. In the last couple of days we are talking about 1.5 million events per day, as per my Kibana analysis. That is a few hundred thousand different login attempts per day! The vast majority (95%+) comes from two sequential IP addresses located in The Netherlands. To date the system has not failed yet, but with such a brute-force attack, I am getting nervous. Has anyone had similar experiences or has any advice?

Interesting... any info gathered on those addresses?

They are obviously a large server hosting provider; they used to have more than a reputation for hosting warez and torrents a few years back. They claim to have cleaned up their act since then. Of course, the IPs concerned could have been hijacked.