Over the last few weeks I’ve been inspecting what kind of traffic is sent to my DSL router (I will soon post a report) and I’ve found many telnet and ssh connection attempts. I’m very curious about that traffic, so I’ve decided to test the Kojoney SSH honeypot. Kojoney was developed by Joxean Koret and there’s a good post about it at madirish.net.
Kojoney installation is very easy and well documented. In my case I followed these steps:
- apt-get install build-essential python python-dev
- wget -O kojoney-0.0.4.2.tar.gz "http://downloads.sourceforge.net/project/kojoney/kojoney-0.0.4.2.tar.gz?use_mirror=netcologne"
- tar xvfz kojoney-0.0.4.2.tar.gz
- cd kojoney
- sh INSTALL.sh
- You will have to accept the licence and answer some final questions about running automatically at boot time (it will install an init.d script).
- Thanks to mig5: the script will try to guess where man is installed, but on Debian it will fail, so you will have to specify the path (/usr/share/man/man1 on Debian).
- If you want to change the SSH listening port, edit /usr/share/kojoney/coret_config.py and change ROOT_CONFIG_PORTS.
Kojoney offers valuable report tools, so I will share with you the results in the following days.
Have fun!
You must have too much spare time, yet another tool I’ve had on my radar to try and not found the time. Let me know how you find it.
— Andrew
I’m a mild insomniac.
Jeez, I agree with Andrew *dramatic sigh*. Curious about your results.
Leon
On Debian, Kojoney tries to guess the location of the manfiles but fails. The path on my system is /usr/share/man/man1
Just in case it helps anyone who comes looking.
I like Kojoney – it’s quite simple/crude, but easy to write your own simple emulation responses to basic commands thrown by the bot/attacker.
Thanks a lot, you’re right about the manfiles, I will add it. For now the log shows authentications but no attempted commands.
You should really try kippo: http://code.google.com/p/kippo/
Great! Thank you very much, Lukas. I knew nothing about kippo; I will try it!