You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem? 1. Login to the honeypot system (eg root/123456)
2. Type 'w' in the terminal
Every Kippo installation seems to have hardcoded the following values for the 'w' command: "up 14 days, 3:53, 1 user, load average: 0.08, 0.02, 0.01". What version of the product are you using? On what operating system? Latest SVN version on Ubuntu Server 11.04 Please provide any additional information below. As you realise it's relatively easy for an attacker to know from the second he runs the w command (usually the first or second input on a TTY session) that this is a Kippo honeypot.
Proposed fix: Either put the value in the config file and let the user change it accordingly, or use a rand()-like function for a realistic value.
From ikoniaris on January 03, 2012 02:14:55
What steps will reproduce the problem? 1. Login to the honeypot system (eg root/123456)
2. Type 'w' in the terminal
Every Kippo installation seems to have hardcoded the following values for the 'w' command: "up 14 days, 3:53, 1 user, load average: 0.08, 0.02, 0.01". What version of the product are you using? On what operating system? Latest SVN version on Ubuntu Server 11.04 Please provide any additional information below. As you realise it's relatively easy for an attacker to know from the second he runs the w command (usually the first or second input on a TTY session) that this is a Kippo honeypot.
Proposed fix: Either put the value in the config file and let the user change it accordingly, or use a rand()-like function for a realistic value.
Original issue: http://code.google.com/p/kippo/issues/detail?id=47
The text was updated successfully, but these errors were encountered: