73 lines
2.7 KiB
Markdown
73 lines
2.7 KiB
Markdown
# Open Honeypot Data
|
|
|
|
This is currently a proof-of-concept.
|
|
|
|
- Current number of honeypot severs: 6
|
|
- Server Locations: globally, different VPS providers
|
|
- IP Protocol: IPv4-only for now
|
|
- Times: UTC
|
|
|
|
**The goals**:
|
|
- gathering information about common attacks
|
|
- sharing data
|
|
- learning to automate
|
|
|
|
---
|
|
|
|
## Honeypot Types
|
|
|
|
### SSH
|
|
|
|
Data is percent-encoded (like an URL) to provide the information lossless and fully reversible as all kind of special characters are getting entered into the login field.. Spaces are `%20`. This adds one step, but makes it easier to see differences and run reports. [Use something like Cyberchef to decode it in your browser]("https://cc.uphillsecurity.com/#recipe=URL_Decode()&input=JTQwQWExMjMxMjMKJTQwQWExMjM0NTYKJTQwQWExMjM0NTY3ODkKJTQwQWJjZDEyMzQKJTQwQWRtaW4xMjMKJTQwQWRtaW4xMjM0CiU0MEFkbWluMjAyNgolNDBCTUQwMjExMzB6ZHIlMjEKJTQwRG1pbjEyMwolNDBEbWluMTIzLmNvbQ").
|
|
|
|
- harvesting of credentials used in brute force attempts
|
|
- honeypot listening on default port TCP/22
|
|
- low interactive, harvest credentials, no shell
|
|
|
|
It is productive, but I have to process the data.
|
|
|
|
---
|
|
|
|
## License
|
|
|
|
**Open Honeypot Data** by **Uphill Security** is licensed under the
|
|
**Creative Commons Attribution 4.0 International License (CC BY 4.0)**.
|
|
|
|
- Human-readable summary: <https://creativecommons.org/licenses/by/4.0/>
|
|
- Full legal code: <https://creativecommons.org/licenses/by/4.0/legalcode>
|
|
|
|
## You are free to
|
|
|
|
- **Share** — copy and redistribute the material in any medium or format.
|
|
- **Adapt** — remix, transform, and build upon the material for any purpose,
|
|
including commercially.
|
|
|
|
The licensor cannot revoke these freedoms as long as you follow the license
|
|
terms.
|
|
|
|
## Under the following terms
|
|
|
|
- **Attribution** — You must give appropriate credit, provide a link to the
|
|
license, and indicate if changes were made. You may do so in any reasonable
|
|
manner, but not in any way that suggests the licensor endorses you or your use.
|
|
- **No additional restrictions** — You may not apply legal terms or
|
|
technological measures that legally restrict others from doing anything the
|
|
license permits.
|
|
|
|
## How to attribute
|
|
|
|
When you use or redistribute this data, include a credit such as:
|
|
|
|
> "Open Honeypot Data" by Uphill Security, licensed under
|
|
> [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).
|
|
> Source: <https://git.uphillsecurity.com/UphillSecurity/open-honeypot-data/>
|
|
|
|
Following the standard **TASL** pattern — Title, Author, Source, License.
|
|
|
|
## No warranty
|
|
|
|
The material is provided "as is" and without warranties of any kind. To the
|
|
extent possible under law, Uphill Security disclaims liability for any use of
|
|
this data. This summary is not a substitute for the full license text linked
|
|
above; in case of any conflict, the full legal code governs.
|
|
|