ghost
commented
9 years ago bump.
This will lead to easy detection of Kippo (not that there's any evidence of it yet)
Open alhafoudh opened 10 years ago
ghost
commented
9 years ago bump.
This will lead to easy detection of Kippo (not that there's any evidence of it yet)
g0tmi1k
commented
9 years ago Blog posting about it: http://morris.guru/detecting-kippo-ssh-honeypots/
kippo:~# ping 555.555.555.555 PING 555.555.555.555 (555.555.555.555) 56(84) bytes of data. 64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=1 ttl=50 time=41.0 ms 64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=2 ttl=50 time=42.0 ms 64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=3 ttl=50 time=43.5 ms 64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=4 ttl=50 time=40.7 ms 64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=5 ttl=50 time=47.7 ms
;)
And pinging 127.0.0.1: kippo:~# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=1 ttl=50 time=49.3 ms 64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=2 ttl=50 time=42.2 ms 64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=3 ttl=50 time=42.3 ms
40ms? :)