[Scottish] Checked your proxy lately?

Marco Fontani mfontani at cpan.org
Fri Jan 21 14:36:20 UTC 2011


> I moved my ssh server off the standard port to get rid of the constant
> poking it got and that simply killed all the noise.

I've always been running ssh on another (>1024) port.

Some weeks ago, I installed and started Kippo[0] and had external port
22 forwarded to it instead.
It's an SSH honeypot program that logs connection attempts and
successful connections to files and, optionally, MySQL.
For successful connections, the input is logged and available for
analysis along with any downloaded files.

It's amazing the amount of connection attempts people do to my box...
as well as the cluelessness of some who do connect ;)

I've since then released a wee webapp to track statistics of the SSH
honeypot on github[1].

I've been debating whether to have a cron script that lists
connections and details for me to mail abuse@ for the connections
which are clearly done by a human...

Regards
-marco-

[0]: http://code.google.com/p/kippo/
[1]: https://github.com/mfontani/kippo-stats

-- 
Marco Fontani
http://darkpan.com/
Glasgow Perl Mongers: http://glasgow.pm.org/
Join the RackSpace cloud at: http://www.rackspacecloud.com/277.html
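
The cron-script idea from the message above, sketched as an added example (not part of the original message, and not code from Kippo or kippo-stats). The log line layout, the sample lines, and the rule "logged in and typed at least one command" as the filter for what goes into a report are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED Kippo text-log layout:
# timestamp, [component,session,source-ip], message.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2011-01-20 03:12:01+0000 [SSHService ssh-userauth on HoneyPotTransport,7,192.0.2.10] login attempt [root/123456] failed
2011-01-20 03:12:03+0000 [SSHService ssh-userauth on HoneyPotTransport,7,192.0.2.10] login attempt [root/password] failed
2011-01-20 04:40:12+0000 [SSHService ssh-userauth on HoneyPotTransport,8,198.51.100.23] login attempt [root/toor] succeeded
2011-01-20 04:40:30+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,8,198.51.100.23] CMD: uname -a
2011-01-20 04:41:02+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,8,198.51.100.23] CMD: cat /proc/cpuinfo
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \[.*HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] (?P<msg>.*)$")
LOGIN = re.compile(r"^login attempt \[[^/]*/.*\] (?P<result>succeeded|failed)$")

def summarise(log_text):
    """Group honeypot events by source IP: attempts, successes, commands."""
    hosts = defaultdict(lambda: {"first": None, "last": None,
                                 "attempts": 0, "successes": 0, "commands": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-connection line in the assumed layout
        h = hosts[m["ip"]]
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
        login = LOGIN.match(m["msg"])
        if login:
            h["attempts"] += 1
            h["successes"] += int(login["result"] == "succeeded")
        elif m["msg"].startswith("CMD: "):
            h["commands"].append(m["msg"][5:])
    return dict(hosts)

def report(hosts):
    """Return report text for sources that logged in and typed commands."""
    out = []
    for ip, h in sorted(hosts.items()):
        if h["successes"] and h["commands"]:
            out.append(f"{ip}: {h['attempts']} login attempt(s), "
                       f"{h['successes']} succeeded, {h['first']} to {h['last']}")
            out.extend(f"    $ {cmd}" for cmd in h["commands"])
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG)))
```

Passwords are matched but deliberately left out of the report text, since attempted credentials may belong to real accounts elsewhere.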


