Friday, February 23, 2007

Funnypot

A while ago, I started a project that tried to extract some humor from the concept of a honeypot. The idea was simple: I put up an SSH server with an easy root password, and created a shell for the root account that would (in theory) induce hapless hackers to type funny things. You can read some of the results at The Funnypot.

The problem was that, for the most part, the attackers either didn't understand what was going on or assumed that there was some magic command they could type that would cause the system to start behaving normally. I'm not sure why you'd keep trying UNIX commands once that shell started responding with lines like "Are you sure you know what you're doing?" I suppose in some cases it was just a script, rather than a human being on the other end of the connection.

Eventually I brought the server down and never bothered putting it back up. I still feel like there's some mileage I can get out of the concept, if I can just be a little funnier. Maybe I need to allow, or at least appear to allow, certain commands to work in order to encourage the intruders. Perhaps some detailed and useful (and by that I mean "silly and ridiculous") help messages would be good, too. I wonder what I could get people to enter in if I put up a help message that said something like "enter your email address and email password at the command prompt to enable the bash shell."

No comments: