The botnet honeypot project consists of a honeypot that has been created and left open on the web to entice botnet activity. The honeypot is meant to attract curious criminals who are looking to attack open ports. The project includes capturing the IP address, open port, and date of the inquiry. The analysis includes looking up the IP address to determine the location, hostname, and domain of who was looking into the open ports
All of the IP addresses captured from the honeypot had to be looked up with an IP look up tool. There were 185 attackers, and 2500 victims within the captured packets. Each packet was saved and opened with the “grep” function in Linux. The IP addresses of the victims were then revealed. Each victim was then ran in Shodan to determine what kind of machine the victims were using.
The final phase of the project will be to analyze the victim information. The analysis will attempt to determine who, where and possibly determine a pattern of attacks. The attacks are not random, but look like a concerted effort to bombard the honeypot. There were 2500 victims, and over half had no information available, while many of the victims had multiple ports that were vulnerable. The final step will be to look up some of the strange ports encountered during the analysis, to determine what kind of machine was victimized.
Project Student: Joseph Johnson