Posted

Do any of you guys have any experience with Kippo?

I'm looking to set up my first honeypot. You know, just to see and test out. And I'm wondering if anyone has some tips / tricks they might want to share.

Kind regards,

GuardMoony

Posted

I don't know the software. General advice when setting up a Honeypot:

1. Assume the honeypot has been completely compromised from day 1. Monitor the machine by looking at the traffic ONLY.

2. Try to run the install off of read-only media (CD/DVD/write-protected SD/...) so a quick reset will revert any changes anybody may have made.

3. DO NOT set this up on your home network directly accessible via your ISP - they might notice the suspect traffic, assume you've been hacked and shut you off (yup, experience talking here. If it happens to you, call them up and say you've found and completely reinstalled the hacked machine. Blame a family member who's since had a stern talking to. DO NOT say you're running a honeypot as they'll probably tell you that's against their TOS and it'll take longer for you to get back online).

4. Never, EVER connect to this machine via the network. If you must log on, do so using direct access. Absolutely NOTHING on this machine can refer to anything else you have access to as it'll likely become the next target once the honeypot has been taken.

5. If this machine resides on your network, FIREWALL THE LIVING FUCK out of the connection between it and the rest of the network. See #1. Try to airgap the thing.

And of course

6. Report back what you find. It should be pretty interesting.

Posted (edited)

First off, I won't be running on my private internet connection. It will be placed in a datacenter behind a firewall. Only port 22 will be configured as a forward (SSH honeypot); outgoing, only the minimum will be allowed. Access to the VPS running it will happen over a VPN towards the VPS server and then by console (as close to direct as possible). Might allow trusted community members access to the data. There are some scripts to let it autosend the data/logs by mail.

Edited by GuardMoony
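
The firewall layout described in the post above (only the SSH forward inbound, minimal outbound, nothing towards the rest of the network) could look like this as an nftables ruleset on the upstream firewall. This is an added example, not part of the original post; the interface names, the 192.0.2.10 address and the outbound port choices are assumptions, and 2222 is Kippo's default listen port.

```nft
#!/usr/sbin/nft -f
# Added example: upstream firewall in front of an SSH honeypot.
# Assumptions (not from the thread): eth0 = internet side, eth1 = segment
# holding only the honeypot, 192.0.2.10 = honeypot (documentation address).

# Idiom to make the file reloadable without touching other tables.
table ip honeynet
delete table ip honeynet

table ip honeynet {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Public port 22 is forwarded to Kippo's unprivileged listener.
        iifname "eth0" tcp dport 22 dnat to 192.0.2.10:2222
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # The honeypot never gets to talk to the firewall itself.
        iifname "eth1" counter log prefix "pot-to-fw: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Nothing from the honeypot may reach private address space.
        iifname "eth1" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } counter log prefix "pot-to-lan: " drop

        # Replies for connections that were allowed below.
        ct state established,related accept

        # Inbound: only the forwarded SSH port.
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport 2222 ct state new accept

        # Outbound (assumed minimum): DNS plus rate-limited HTTP(S) fetches.
        iifname "eth1" oifname "eth0" udp dport 53 accept
        iifname "eth1" oifname "eth0" tcp dport { 80, 443 } ct state new limit rate 10/minute accept

        # Everything else the honeypot tries is logged, then dropped.
        iifname "eth1" counter log prefix "pot-out-drop: " drop
    }
}
```

Load it with `nft -f` and read the counters with `nft list table ip honeynet`; hits on the `pot-to-lan` or `pot-to-fw` rules mean the honeypot host is being used to probe its surroundings.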
Posted

What are the services you will activate on the server for any attacker to exploit?

Posted

As written above: Kippo is only an SSH honeypot, so only the SSH service will be there. It also simulates a basic shell. And allows for wget/ftp to work. Hence capturing malware/exploits.

Posted

Read a bit more about Kippo. It looks pretty nice and it's an interesting concept. I'd be quite interested to know what it turns up.
