Honeypot is a computer security mechanism that is set up to detect, detect or prevent attempts to unauthorized use of information systems. It generally acts as an imitation service, collects data and processes them.
- What we do ?
We are collected the data from our honeypot services. Our goal is to spread this data free of charge.
The honeypot records on the list are taken from the servers located in different locations.
The collected data contents are as follows for different services :
* Connection datetime
* Attacker ip address and location
* Smtp commands and answers with attacker attempt
* Putted eml(data) message by attacker
* Http method and access url
* Client requested header information for http and proxy request
* Client requested http url informaiton for proxy request
* Telnet username and password retry
* DNS query content
* All received commands
- How do we work ?
Our services was installed on many servers on a wide area network.
Our servers do'nt have any DNS record. So they do not provide any services
Attacker attempting to connect will implementing system information gathering and remote code execution.
Therefore we wrote our own services to collect all attacker informations.
These services collect the ip address, executed codes, queries and requested URLs and the header information that they leave.
Finally they will forward this information from honeypots to our central server.