kippo
ping _anywhere_ ?
kippo:~# ping 555.555.555.555
PING 555.555.555.555 (555.555.555.555) 56(84) bytes of data.
64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=1 ttl=50 time=41.0 ms
64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=2 ttl=50 time=42.0 ms
64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=3 ttl=50 time=43.5 ms
64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=4 ttl=50 time=40.7 ms
64 bytes from 555.555.555.555 (555.555.555.555): icmp_seq=5 ttl=50 time=47.7 ms
;)
And pinging 127.0.0.1:
kippo:~# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=1 ttl=50 time=49.3 ms
64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=2 ttl=50 time=42.2 ms
64 bytes from 127.0.0.1 (127.0.0.1): icmp_seq=3 ttl=50 time=42.3 ms
40ms? :)
bump.
This will lead to easy detection of Kippo (not that there's any evidence of it yet)
Blog posting about it: http://morris.guru/detecting-kippo-ssh-honeypots/
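
One way a honeypot's emulated `ping` could avoid the two tells shown in this thread (replies from an impossible address, and ~40 ms to loopback). This is an added example, not Kippo's code and not written by anyone in the thread; the function names, the latency ranges and the older-iputils style error string are assumptions.

```python
import ipaddress
import random


def ping_profile(target):
    """Classify a ping target as 'invalid', 'loopback' or 'remote'."""
    try:
        # IPv4Address rejects out-of-range octets such as 555.555.555.555.
        addr = ipaddress.IPv4Address(target)
    except ipaddress.AddressValueError:
        # Simplification: hostnames are not resolved here, so they are
        # treated like any other unparsable target.
        return "invalid"
    return "loopback" if addr.is_loopback else "remote"


def emulate_ping(target, count=3, rng=None):
    """Return the lines a fake shell would print for `ping <target>`."""
    rng = rng or random.Random()
    profile = ping_profile(target)
    if profile == "invalid":
        # Assumed error format, modelled on older iputils ping.
        return ["ping: unknown host %s" % target]
    if profile == "loopback":
        # Loopback replies never leave the host: default TTL, sub-ms RTT.
        ttl, low, high, fmt = 64, 0.02, 0.09, "%.3f"
    else:
        # Remote hosts keep the TTL and latency range seen in the thread.
        ttl, low, high, fmt = 50, 40.0, 50.0, "%.1f"
    lines = ["PING %s (%s) 56(84) bytes of data." % (target, target)]
    for seq in range(1, count + 1):
        rtt = fmt % rng.uniform(low, high)
        lines.append(
            "64 bytes from %s (%s): icmp_seq=%d ttl=%d time=%s ms"
            % (target, target, seq, ttl, rtt)
        )
    return lines


if __name__ == "__main__":
    # Constructed sample targets: the two from the thread plus a
    # documentation-range address (192.0.2.10).
    for t in ("555.555.555.555", "127.0.0.1", "192.0.2.10"):
        print("\n".join(emulate_ping(t, rng=random.Random(1))), end="\n\n")
```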