CURLing for Crypto on Honeypots, (Mon, Dec 9th)

This post was originally published on this site

I get a daily report from my honeypots for Cowrie activity [1], which includes telnet and SSH sessions attempted on the honyepot. One indicator I use to find sessions of interest is the number of commands run. Most of the time there are about 20 commands run per session, but a session with over 1,000 commands run in a session is unexpected.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.