RE: NEED: Source for honeypot IPs etc 02-22-2017, 12:40 AM
#8
(02-21-2017, 11:53 PM)m0dem Wrote:(02-21-2017, 06:04 PM)Bish0pQ Wrote:(02-21-2017, 04:45 PM)lsp Wrote: Thanks thats brilliant.
Do you remember where you got it? Or have a suggestion for a collection system?
I got it from a private tool of mine which collects pastebin data. Anyway, I mean you could make a simple SSH checker, something that would try a various combinations of logins and than try execute some commands that are deleted by default on honeypots.
Also, please notice that people who setup honeypots usually have logins like root:toor, admin:password, because they want people to break in. That's why you could easily set up something like a checker which after login would try execute some commands.
Hit me up if you're interested in my help, I'll see what I can do but I can't promise anything.
This is interesting. How would you find the SSH servers to probe? Just go through the millions of IP's and check for SSH? (not to mention all the different ports SSH can be on)
That would be highly inefficient. You can exclude quite a few ranges (based on country, military IP's, government IP's...)
Most efficient would be getting them from various sources. Also, often honeypots are used on a VPS server, which will give you possibly more IP's to honeypots.
~~ Might be back? ~~
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)