

Kippo Honeypot Video Gallery - wormold
http://blog.tjll.net/kippo-honeypot-video-gallery/ 

======
ebrinkster
Really interesting finds you got, thanks so much for sharing. I currently run
6 Kippo honeypots scattered across the USA (one at home on a Pi and the rest
on cheap VPS).

I see a lot of driving drunk at the shell as well. I can't count how many
times that I've seen uname misspelled... I haven't seen bitcoin just yet, but
I expect that'll show up eventually.

Shameless plug (sorry), I just did a talk on some of my Kippo honeypot
findings. Some here may find it interesting:
[http://www.irongeek.com/i.php?page=videos/grrcon2014/s06-bri...](http://www.irongeek.com/i.php?page=videos/grrcon2014/s06-bringing-pwned-to-you-interesting-honeypot-trends-elliott-brink)

~~~
backwardm
Just watched your talk... really cool. (Yes, Raspberry Pis are awesome!) When
you have your Kippo guide done, I'd be interested in setting one up myself. Be
sure to include those beefy cpu and meminfo's your buddy sent you.

~~~
ebrinkster
Getting those was absolutely awesome. Especially since in my mind a beefy
system was two 8 core procs. He was like "yeah...... hang on let me find you
something better". Will do.

------
backwardm
Here's another question... do honeypots like this one intentionally leave the
password blank? (I'd think that would be a pretty good red flag for the
attacker to not stick around... maybe that's what the hit & run guys were
doing)

It was really entertaining to watch the drunken typist give it his/her best.
:)

~~~
ebrinkster
Kippo by default sets the username as root and the password as 123456. You can
add additional username/password combinations, but having multiple passwords
to access the same account is a key red flag that the system is in fact a
honeypot. You can also simply change the root password to something extremely
complicated, especially good if you want a sensor that simply gathers password
data (since they'll be unlikely to guess a 65 character password).

------
JonLim
Curious, as I'm quite the noob: why would an attacker install an IRC bot onto
a vulnerable system?

Are they able to send the system commands via IRC? Or is it for a less
nefarious reason?

~~~
Fuzzwah
Yes to both. IRC is the common method of setting up a command and control
system for a network of hijacked systems.

~~~
JonLim
Gotcha, thanks!

------
ANTSANTS
You might want to come up with a better name for this article. "Honeypot Video
Gallery" sounds like something that you'd be sent to federal prison for
clicking.

~~~
ANTSANTS
Just to be clear to whoever downvoted me, I was being sincere. I was afraid to
click this link until I googled "Kippo," and I assume others are as well or
this would have more points by now.

~~~
abruzzi
Honeypot is pretty standard terminology for an intentionally vulnerable system
intended to attract hackers. Maybe I'm unique but I wouldn't associate the
term with sex.*

* I don't know whether the term originated on its own (i.e. Winnie the Pooh getting stuck in his honeypot) but the term "honey trap" was spy terminology during the Cold War for a trap that lures the target with sex, but that term is so removed I really don't associate it with this.

~~~
delluminatus
It's not (directly) related to sex. Honeypot is slang for a sting operation;
it's not only security professionals who use the term but also the police.

~~~
chpp
I'm honestly really surprised that someone on HN would assume HoneyPot was
anything but a reference to the "technical" honeypot. Guy deserves a downvote.

~~~
dmix
Downvotes are not for disagreeing or disliking a comment. Only if it doesn't
add to the discussion. At least that's how it used to be, before HN traffic
exploded and became redditized a while back. This should be communicated
better.

~~~
Fuzzwah
I can only paraphrase PG because I don't want to spend any time digging for
the actual comment, but he's basically said:

People can use downvotes however they want.

There is no guideline to communicate.

I can personally see the pros and cons of this stance. The cons are pretty
obvious, but the big pro is that there shouldn't be discussions like you and I
are having now.

