I set up a kippo honeypot a few days ago. Mostly as a fun project, as you can tell if you look around this blog. After a day or so I got hooked on it. I needed it to be better. So I did some reading and checked with the all-powerful sysadmin, Google, and I found a few things I could try.
The first suggestion was to remove the default kippo login, which was root:0:123456. Apparently this was deemed too easy for the bottom-dwelling brute-force attackers and would often alert them to the presence of kippo. So I did that and added a few easy password login combos that would seem legit if the admin of my fake server was lazy. Now these losers cannot get in. They hammer and hammer with their brute-force attempts, but most fail to get in. I’m not sure if most of the people trying to brute-force my SSH are idiots or just have bad wordlists. I find it sad they cannot guess some of these simple login combos. So I made the password login combos a little easier today. Time will tell.
The next thing I did was install a fresh version of Debian 7 on an old box. I added some fake users and open source accounting software. I went on to use the system to browse a few websites, make and delete files, create directories and leave some sensitive looking files in all the right places complete with data. I probably put more effort into this project than was necessary, but it’s fun at the moment.
I backed up my new “fake” Linux system using tar and used kippo’s tool for cloning the filesystem, not in that order. I moved the filesystem to kippo’s /honeyfs and put the new pickle file in place and restarted kippo. The process is a bit more complicated than that, but this isn’t a tutorial. I may do one soon if there is any interest from my 4 readers.
I tested my new kippo file system and it works. The idea is that most of the hackers looking to crack SSH are well aware of how kippo acts and the default file system that comes with it. So to get the really good stuff you have to go the extra mile and do what I have done. No fault of the kippo developers; the honeypot is great and one of my favorites so far.
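An added example, not part of the original post and not kippo's own code: a pre-deployment audit of a staged honeyfs tree cloned from a real install, flagging files an intruder could read that would expose the build machine (private keys, real password hashes, shell history). The default `honeyfs` path, the file-name lists and the patterns are assumptions chosen for illustration.

```python
import os
import re

# Assumed checks (not from the original post): content that would expose the
# real build machine if left in the tree the honeypot serves to intruders.
PRIVATE_KEY = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# /etc/shadow line carrying a crypt(3) hash such as $6$salt$hash
SHADOW_HASH = re.compile(rb"^[^:\n]+:\$[0-9a-z]+\$[^:\n]+:", re.M)
HISTORY_NAMES = {".bash_history", ".mysql_history", ".viminfo", ".lesshst"}


def audit_honeyfs(root, max_bytes=1 << 20):
    """Return sorted (relative_path, reason) findings for a staged honeyfs tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files carried over by tar
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if PRIVATE_KEY.search(data):
                findings.append((rel, "private key"))
            if name in ("shadow", "shadow-", "gshadow") and SHADOW_HASH.search(data):
                findings.append((rel, "password hash"))
            if name in HISTORY_NAMES and data.strip():
                findings.append((rel, "history from build session"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "honeyfs"  # assumed path
    for rel, reason in audit_honeyfs(target):
        print(f"{reason:28} {rel}")
```

Each finding is a prompt to review the file: a hash or history file planted on purpose as bait is fine, as long as it was generated for the honeypot and never used anywhere real.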
I’ll see where this goes and try to post anything funny or good that happens.