Wednesday, August 11, 2010

Kippo Honeypot

My laptop is currently running the Kippo honeypot, which can be downloaded here. It supports a MySQL database (and the author plans to support SQLite soon; I am not sure whether as an option or as a successor). Basically it's a honeypot which listens for SSH on port 2222; if you're running on Linux, for example, you can redirect traffic to it from port 22 (the normal port).

In my case, I am currently running this service behind NAT, so I have to do the port forwarding first to make it work.

This can be achieved with:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 22 -j REDIRECT --to-port 2222

And you can check it with:

iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 46764 packets, 3114K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    60 REDIRECT   tcp  --  eth1   any     anywhere             anywhere            tcp dpt:ssh redir ports 2222
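
A scripted version of the check above, as an added example that is not from the original post: it parses `iptables -t nat -vL` output and reports the packet counter of the redirect rule. The function name `redirect_hits` is hypothetical, and the sample input is the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the SSH -> honeypot
# redirect is installed and see how many packets it has matched.

# Sample input: the `iptables -t nat -vL` output shown in the post.
SAMPLE='Chain PREROUTING (policy ACCEPT 46764 packets, 3114K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    60 REDIRECT   tcp  --  eth1   any     anywhere             anywhere            tcp dpt:ssh redir ports 2222'

# redirect_hits IFACE PORT (hypothetical helper name)
# Reads `iptables -t nat -vL PREROUTING` output on stdin, prints the packet
# counter of the matching rule, and returns 1 if no such rule exists.
redirect_hits() {
    awk -v ifc="$1" -v port="$2" '
        $3 == "REDIRECT" && $4 == "tcp" && $6 == ifc {
            dpt = ""; redir = ""
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i == "ports" && $(i - 1) == "redir") redir = $(i + 1)
            }
            # iptables prints dpt:ssh without -n and dpt:22 with -n
            if ((dpt == "ssh" || dpt == "22") && redir == port) {
                print $1; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# On the live host, feed it real output instead of the sample:
#   iptables -t nat -vL PREROUTING | redirect_hits eth1 2222
if hits=$(printf '%s\n' "$SAMPLE" | redirect_hits eth1 2222); then
    echo "redirect 22 -> 2222 on eth1 is active, $hits packet(s) matched"
else
    echo "no redirect rule found: SSH probes will not reach the honeypot" >&2
fi
```

Because the nat table only sees the first packet of each connection, the counter approximates the number of new SSH connections steered to the honeypot.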

I have plenty of attempts, including brute-force attempts with Japanese dictionary passwords. It seems MySQL really helps to get them shown on the screen in a handy way.
