The last couple of days I picked up a couple of thousand SSH brute-force attacks on my ELK Stack, so I decided I would just revisit my SSH server configuration and change my SSH port to something else for the interim.

The dashboard that showed me the results at that point in time:

![]()

Then I decided I would actually like to set up an SSH honeypot to listen on port 22, change my SSH server to listen on port 222, and capture the IP addresses, usernames and passwords that they are trying to use, dumping it all in a file so that I can build up my own password dictionary :D

SSH Configuration:

Changing the SSH port:

$ sudo vim /etc/ssh/sshd_config

Restart the SSH server:

$ sudo /etc/init.d/ssh restart

Verify that the SSH server is running on the new port:

$ sudo netstat -tulpn | grep sshd

Thanks to random-robbie, as he had everything I was looking for on GitHub.

$ docker run -itd --name ssh-honeypot -p 22:22 local:ssh-honepot

Once people attempt to ssh, you will get the output to stdout:

$ docker logs -f $(docker ps -f name=ssh-honeypot -q) | grep -v 'Error exchanging' | head -10
ssh-honeypot 0.0.8 by Daniel Roberson started on port 22.

Redirecting the output to a log file, running in the foreground as a screen session:

$ screen -S honeypot
$ docker logs -f f6cb | grep -v 'Error exchanging' | awk '' > /var/log/ssh-honeypot.log

Detach from your screen session: Ctrl + a d

Checking out the logs:

$ head -3 /var/log/ssh-honeypot.log

After leaving this running for a couple of months, I have a massive password database:

$ wc -l /var/log/honeypot/ssh.log

That is correct, 54 million password attempts.

5372 Unique IPs, 4082 Unique Usernames, 88829 Unique Passwords.
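Totals like the unique IP, username and password counts above can be recomputed from the honeypot log with a short script, which also lists the busiest source addresses for blocking or alerting. This is an added example, not part of the original post: the log format is not shown on the page, so it assumes one attempt per line as `<ip> <username> <password>`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed log format (not shown on the page): "<ip> <username> <password>".
# The password may contain spaces, so it is everything after field 2.

# Constructed sample data; addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 root 123456
192.0.2.10 root password
198.51.100.7 admin admin
198.51.100.7 admin admin
203.0.113.5 pi raspberry pi
192.0.2.10 ubuntu 123456
malformed-line
EOF
}

# honeypot_summary [FILE...]: reads stdin when no file is given.
honeypot_summary() {
    awk '
        NF < 2 { skipped++; next }            # truncated or garbage line
        {
            attempts++
            pw = $0
            sub(/^[^ ]+ +[^ ]+ ?/, "", pw)    # drop ip and username, keep the rest
            if (!($1 in ip))   { ip[$1] = 1;   nip++ }
            if (!($2 in user)) { user[$2] = 1; nuser++ }
            if (!(pw in pass)) { pass[pw] = 1; npass++ }
        }
        END {
            printf "ips=%d users=%d passwords=%d attempts=%d skipped=%d\n",
                nip, nuser, npass, attempts, skipped
        }' "$@"
}

# top_sources N [FILE...]: the N busiest source IPs as "count ip".
top_sources() {
    n=$1; shift
    awk 'NF >= 2 { c[$1]++ } END { for (a in c) print c[a], a }' "$@" |
        sort -k1,1nr -k2,2 | head -n "$n"
}

# Run over the constructed sample; pass a real log path as FILE instead.
sample_log | honeypot_summary
sample_log | top_sources 3
```

Counting inside awk keeps memory proportional to the number of distinct values rather than the number of lines, which matters for a log with tens of millions of attempts.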