Decreasing ROI


AndrewWaite

Jul 2, 2011, 10:41:08 AM
to kippo users
All,

I've been frustrated over the last few months as the attacks my Kippo
system is receiving are becoming increasingly infrequent. I've tried
several things to re-initialise the level of interest my sensor is
receiving but without any apparent success. So I'm hoping others can
provide some context and/or confirmation for a few questions:

+ Have/are others experiencing the same pattern with their sensors?
+ Is this part of a larger trend in attacks against SSH services?
+ Are attackers (and/or automated scanners) getting better at
identifying Kippo sensors before any meaningful interaction?

As always, any insight or assistance would be appreciated.

Thanks in advance,
Andrew

Tomasz Miklas

Jul 5, 2011, 1:09:31 PM
to kippo...@googlegroups.com, kippo users
From what I see, the decrease is a normal thing. Word gets out that there's a honeypot on a given IP. Kippo is quite predictable unless you configure it with a lot of love ;) I took down my instances for now, and will return soon on another IP, another network, and with a totally different configuration.

A static system is simply not sustainable in my opinion.

--
Tomasz Miklas


AndrewWaite

Jul 5, 2011, 1:43:19 PM
to kippo users
Thanks Tomasz,

That's what I was starting to suspect; I think my sensor may go the same
way for a while. At least it'll free up hardware and IP space for
something new in the meantime.

--Andrew