fe7ch

Results 23 comments of fe7ch

>I'd caution against using elasticsearch. It has tendencies to break itself and lose all the data (because it is supposed to be used in different ways). This would be a...

I think it's not a problem of the honeypot, but a problem of some setups. Therefore users must take appropriate actions when installing the honeypot in the cloud. On the...

>And I suspect that you REQUIRE to have "sshd:", since it would flag everything as honeypot...

Why? Most IoT devices don't have sshd process, even those who do accept SSH...

>I checked it with my server

Try checking with your router.

1. The redirection is inserted by the ISP between honeypot and target. In my case it's not controlled by an attacker. The redirection is inserted by a large ISP that...

>If the attacker connects to the honeypot they already are going to know the honeypot's public.

They don't know it in my setup. They know an IP address, but it's...

> I think @lelonek1 's post is clear, we need more control characters, not less :) After doing what 8libra said: > In transport.py I commented out lines 108, 125,...

It didn't hit me anymore yet. > Btw, I see the command execution as well (enable, shell, sh, cat /proc/mounts, etc). > But nothing after that. Do you see binaries...

> Hi all, most likely you see Hajime commands and not Mirai. The infection process looks like Mirai but it's not. It's simple to distinguish: 1. Hajime uses ECCHI as...

Are you sure that your cowrie is up to date? This issue was fixed several months ago.