«

»

Jan 19 2012

Some Kojoney results

I had my Kojoney SSH Honeypot running for about a week or so. The operation was smooth, I didn’t experience any crashes and the logging function keeps enough interesting data. Since I’ll be moving on to other systems/projects soon, I thought I should share some data before ending its operation.

The honeypot.log file has grown to 121.447 lines and 9.0M in size.

Kojoney Statistics:

Total successful logins: 698
Total failed logins: 7818
Total number of different credentials used: 8516
Total logins with null password: 12
Total logins with or without password: 8883
Number of times a remote shell was opened: 687

Total number of distinct IP addresses: 55
Most prominent countries (by number of appearances): China (CN), Russian Federation (RU), Italy (IT), United States (US), Spain (ES).

Some interesting/funny credentials I spotted include: vagelis, slayer, sims, sims2, reebok, lammer, harrypoter, ferrari, counterstrike, adidas.

Interesting commands executed: unset HISTFILE HISTSIZE HISTSAVE
Interesting files downloaded: http://anonym.to/?http://publick11.110mb.com/tomo/gma.tgz

I’m attaching 4 graphs: top 15 successful logins, top 15 failed logins, top 15 IPs (by number of connections) along with their country of origin, top 10 commands executed by attackers.

All in all, I can recommend Kojoney as an alternative to Kippo (which is easier to setup and has better logging capabilities ie MySQL, plus you can use Kippo-Graph of course! :) )

Powered by WordPress and the Graphene Theme.

More in Honeypots, Visualization
Kojoney SSH Honeypot, installation (CentOS) and configuration
Some Dionaea statistics
Starting with Dionaea malware honeypot
Kippo-Graph 0.6.2 released.
Kippo reveals itself with ‘w’ and ‘uptime’ commands
Close