desaster / kippo

Kippo - SSH Honeypot
netstat list #173

Open sosdow opened 9 years ago

sosdow commented 9 years ago

I've been running Kippo for approx 3 months, getting lots of bot activity and 1 or 2 human interactions. Decided to run netstat and found the attached. I am trawling through the logs to see if I can find a pattern. I'm concerned that some bots 'established' a permanent connection to/through my honeypot. Or is this normal?

Thank you. Seamus.
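
One way to look for the pattern the post asks about, as an added example that is not part of the original issue or of Kippo's code: group ESTABLISHED connections to the honeypot port by remote peer and flag peers that hold many sessions at once. The function names, the threshold and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count ESTABLISHED TCP connections per remote peer on the
# honeypot port, reading `netstat -t` or `netstat -tn` output on stdin.

# Constructed sample input (documentation addresses, not taken from the issue).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.2:2222        198.51.100.7:51719      ESTABLISHED
tcp        0      0 192.168.1.2:2222        198.51.100.7:37702      ESTABLISHED
tcp        0      0 192.168.1.2:2222        203.0.113.20:53293      ESTABLISHED
tcp        0      0 192.168.1.2:2222        198.51.100.7:46462      ESTABLISHED
tcp        0      0 192.168.1.2:2222        203.0.113.20:40917      TIME_WAIT
tcp        0      0 192.168.1.2:22          192.168.1.50:50012      ESTABLISHED
tcp        0      0 192.168.1.2:2222        host.example.:45087     ESTABLISHED
EOF
}

# peers_by_count PORT: prints "COUNT PEER", highest count first.
peers_by_count() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, l, ":")          # local port is the last piece
            if (l[n] != port) next         # ignore other listeners (e.g. real sshd)
            peer = $5
            sub(/:[0-9]+$/, "", peer)      # strip the remote source port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# flag_peers PORT LIMIT: peers holding more than LIMIT concurrent sessions.
flag_peers() {
    peers_by_count "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

sample_netstat | peers_by_count 2222
```

On a live host, `netstat -tn | peers_by_count 2222` keeps the peers numeric, which avoids the truncated reverse-DNS names that plain `netstat -t` prints.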