Decreasing ROI

Skip to first unread message


Jul 2, 2011, 10:41:08 AM7/2/11
to kippo users

I've been frustrated over the last few months as the attacks my Kippo
system is receiving are becoming increasingly infrequent. I've tried
several things to re-initialise the level of interest my sensor is
receiving but without any apparent success. So I'm hoping others can
provide some context and/or confirmation for a few questions:

+ Have/are others experiencing the same pattern with their sensors?
+ Is this part of a larger trend in attacks against SSH services?
+ Are attackers (and/or automated scanners) getting better at
identifying Kippo sensors before any meaningful interaction?

As always, any insight or assistance would be appreciated.

Thanks in advance,

Tomasz Miklas

Jul 5, 2011, 1:09:31 PM7/5/11
to, kippo users
In what I see the decrease is normal thing. Word gets out there's honeypot on a given IP. Kippo is quite predictable unless you configure it with a lot of love ;) I took down my instances for now, will return soon on another ip another network and with totally different configuration.

Simply static system is not sustainable in my opinion.

Tomasz Miklas

> --
> You received this message because you are subscribed to the Google Groups "kippo users" group.
> To post to this group, send email to
> To unsubscribe from this group, send email to
> For more options, visit this group at


Jul 5, 2011, 1:43:19 PM7/5/11
to kippo users
Thanks Tomasz,

that's what I was starting to suspect, think my sensor may go the same
way for a while. At least it'll free up hardware and IP space for
something new in the meantime.

Reply all
Reply to author
0 new messages