wasd
SSH honeypot blog.macuyiko.com
Seventh example
Not only is this intruder very offensive, he also quickly spotted the honeypot.

server:~# adduser nigger
Adding user `nigger' ...
Adding new group `nigger' (1001) ...
Adding new user `nigger' (1001) with group `nigger' ...
Creating home directory `/home/nigger' ...
Copying files from `/etc/skel' ...
Password:
Password again:

Changing the user information for nigger

Enter the new value, or press ENTER for the default

Username []:
Must enter a value!
Username []: only
Full Name []: dumb
Room Number []: niggers
Work Phone []: use
Home Phone []: honeypot
Mobile Phone []: you
Country []: stupid
City []: nigger
Language []: HA
Favorite movie []: HA
Other []: HA
Is the information correct? [Y/n] y
ERROR: Some of the information you entered is invalid
Deleting user `nigger' ...
Deleting group `nigger' (1001) ...
Deleting home directory `/home/nigger' ...
Try again? [Y/n] n
wasd
SSH honeypot ncsc.nl
And more about honeypots: with a map (infected machines, human interactive logins), command statistics, and statistics on the hosts from which files were fetched with wget.