Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 Installing Kippo - Ubuntu 13.04
Author: K.Miller12   (13 Sep 13 11:20am)
Hi I've it been racking my brains why kippo honeypot will not log any sort of login attempts against my decoy ssh server,
My real SSH is serving in a high port, Kippo seems to accept new connections but after a few seconds the connection is lost,(see snip from log file below) maybe it's just a ping scan I thought but i'm not convinced because when I put my real SSH server on standard port 22 overnight I awoke the next morning to various login attempts in a matter of a few hours.

I left kippo on for 3 straight days and kippo logged no attempts, nothing but new connections and disconnections!

Everything is correctly set up which I'm now sure is 100% right, I'll break it down very briefly.

Method 1
Added new user kippo.
Used authbind to bind tcp/22 to user kippo.
Kippo.cfg port to listen on 22
Added authbind --deep in front of start.sh script.
Router forwarding port 22 to LAN of 192.168.1.66 (honeypot)
Executed start.sh script under user kippo

Kippo starts fine, but doesn't, log attempts

The alternative method 2
As above but with kippo.cfg on default port 2222 then I used plain old iptables to forward tcp/22 traffic to tcp/2222

Still nada! Dam it

Now the strange thing is I can directly connect to my honey pot outside of my local network and kippo will log everything as it should!!, but I don't understand why it's not being picked up and attacked in the wild, being the most common port of attack I find it very odd.

I have no idea other than my network for being wireless is the issue, I've still to try this through Ethernet and that's why I'm having cables installed in my cavity walls!

Have any question or answers for me?

Many thanks!

2013-09-13 00:09:18+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New
connection: 203.XX.40.XXX:36502 (192.168.1.66:2222) [session: 3]
2013-09-13 00:09:27+0100 [HoneyPotTransport,3,203.XX.40.XXX] connectio
n lost
2013-09-13 07:37:37+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New
connection: 117.XX.127.XX:47580 (192.168.1.66:2222) [session: 4]
2013-09-13 07:37:45+0100 [HoneyPotTransport,4,172.XX.127.XX] connectio
n lost
2013-09-13 11:38:56+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New
connection: 46.XXX.221.XXX:54272 (192.168.1.66:2222) [session: 5]
2013-09-13 11:38:57+0100 [HoneyPotTransport,5,46.XXX.221.XXX] connecti
on lost
2013-09-13 11:47:42+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New
connection: 183.XXX.32.XX:46421 (192.168.1.66:2222) [session: 6]
2013-09-13 11:47:52+0100 [HoneyPotTransport,6,183.XXX.32.XX] connectio
n lost



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email