One week of honeypot factoids

Honeypots are interesting. They’re not particularly useful most of the time for hunting threaty threats, because honestly the only attackers they really catch are automated bots that didn’t try very hard to fingerprint their targets. But they are a sort of zoo, in that you can see some of the less threatening threats in the wild within the safe confines of a Kibana window.

So here’s one week of looking at the zoo I tend on my personal business ISP connection:

 

These are the passwords the bot armies use.

 

These are the usernames they tried.
You go, Moldova.
Ports 5500 and 3389 are super popular.

 

OH LOOK. I am the surprised. VNC and Terminal Server/RDP attacks. So many.
That terminal server exploit is against a CVE from 2001. A Space Odyssey. Wow.
Such the surpises here. Not.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.