Honeypot: The preparations

Like most of you, I have a lot of people trying to break into my Linux box over ssh. I’m curious: what would happen if they actually got in? It’s time to find out.

I am going to create a honeypot, a virtual machine in my network that I isolate, monitor and open up for attacks. I’ll share my findings here.

But first things first: I need to create the system and figure out which accounts to use. While building the system I grep the auth log on my firewall, which gives me the following data:

firewall log # cat auth.log | grep "Invalid user" | awk '{ print $8 }' | sort | uniq -c | sort -n | tail
20 ftpuser
21 linux
23 postgres
24 info
28 web
30 oracle
37 user
49 admin
67 guest
68 test

It seems the top 3 are admin, guest and test. Let’s make those three the accounts I open up on my honeypot; more on this later.
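The awk pipeline above picks the username by field number, which breaks as soon as the log prefix changes or the probed username is empty (then `$8` is the word "from"). Here is an added example, not part of the original post, that does the same count by matching the sshd message itself; the log lines in it are constructed samples, not from the post.

```python
import re
from collections import Counter

# Matches the sshd "Invalid user" message in syslog-style auth.log lines.
# The username is taken from its position between "Invalid user" and
# "from", not from a whitespace field number, so it survives different
# prefixes (hostname length, pid, journal formatting) and an empty
# username, which awk '{print $8}' would report as "from".
INVALID_USER_RE = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>\S+)"
)

# Constructed sample lines (not from the original post); real auth.log
# entries have the same shape.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 fw sshd[2311]: Invalid user admin from 203.0.113.10 port 51234
Mar  3 10:01:15 fw sshd[2313]: Invalid user test from 203.0.113.10 port 51240
Mar  3 10:02:01 fw sshd[2320]: Invalid user guest from 198.51.100.7 port 40122
Mar  3 10:02:09 fw sshd[2322]: Invalid user test from 198.51.100.7 port 40130
Mar  3 10:02:44 fw sshd[2325]: Failed password for root from 198.51.100.7 port 40131 ssh2
Mar  3 10:03:30 fw sshd[2330]: Invalid user  from 192.0.2.55 port 60001
Mar  3 10:04:02 fw sshd[2335]: Invalid user test from 192.0.2.55 port 60010
Mar  3 10:04:20 fw sshd[2337]: Invalid user admin from 192.0.2.55 port 60012
"""


def count_invalid_users(log_text):
    """Return a Counter of usernames seen in sshd 'Invalid user' lines.

    Non-matching lines (e.g. 'Failed password') are ignored; an empty
    username is counted under '<empty>' so the probe is not silently lost.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER_RE.search(line)
        if m is None:
            continue
        counts[m.group("user") or "<empty>"] += 1
    return counts


def top_invalid_users(log_text, n=3):
    """Return the n most-probed usernames as (user, count), most first."""
    return count_invalid_users(log_text).most_common(n)


if __name__ == "__main__":
    for user, count in top_invalid_users(SAMPLE_AUTH_LOG):
        print(f"{count:4d} {user}")
```

Pointing it at a real file (`open("/var/log/auth.log").read()`) gives the same kind of table as the pipeline, with numeric ordering and the empty-username probes kept visible.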
