Decreasing ROI

24 views
Skip to first unread message

AndrewWaite

unread,
Jul 2, 2011, 10:41:08 AM7/2/11
to kippo users
All,

I've been frustrated over the last few months as the attacks my Kippo
system is receiving are becoming increasingly infrequent. I've tried
several things to re-initialise the level of interest my sensor is
receiving but without any apparent success. So I'm hoping others can
provide some context and/or confirmation for a few questions:

+ Have/are others experiencing the same pattern with their sensors?
+ Is this part of a larger trend in attacks against SSH services?
+ Are attackers (and/or automated scanners) getting better at
identifying Kippo sensors before any meaningful interaction?

As always, any insight or assistance would be appreciated.

Thanks in advance,
Andrew

Tomasz Miklas

unread,
Jul 5, 2011, 1:09:31 PM7/5/11
to kippo...@googlegroups.com, kippo users
In what I see the decrease is normal thing. Word gets out there's honeypot on a given IP. Kippo is quite predictable unless you configure it with a lot of love ;) I took down my instances for now, will return soon on another ip another network and with totally different configuration.

Simply static system is not sustainable in my opinion.

--
Tomasz Miklas

> --
> You received this message because you are subscribed to the Google Groups "kippo users" group.
> To post to this group, send email to kippo...@googlegroups.com.
> To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.
>

AndrewWaite

unread,
Jul 5, 2011, 1:43:19 PM7/5/11
to kippo users
Thanks Tomasz,

that's what I was starting to suspect, think my sensor may go the same
way for a while. At least it'll free up hardware and IP space for
something new in the meantime.

--Andrew
Reply all
Reply to author
Forward
0 new messages