17 comments

[ 4.7 ms ] story [ 53.8 ms ] thread
You might want to come up with a better name for this article. "Honeypot Video Gallery" sounds like something that you'd be sent to federal prison for clicking.
Just to be clear to whoever downvoted me, I was being sincere. I was afraid to click this link until I googled "Kippo," and I assume others are as well or this would have more points by now.
honeypot is pretty standard terminology for a intentionally vulnerable system intended to attract hackers. Maybe I'm unique but I wouldn't associate the term with sex.*

* I don't know wether the term originated on its own (i.e. Winnie the Pooh getting stuck in his honeypot) but the term "honey trap" was spy terminology during the cold war for a trap that lures the target with sex, but that term is so removed I really don't associate it with this.

It's not (directly) related to sex. Honeypot is slang for a sting operation; it's not only security professionals who use the term but also the police.
I'm honestly really surprised that someone on HN would assume HoneyPot was anything but a reference to the "technical" honeypot. Guy deserves a downvote.
Downvotes are not for disagreeing or disliking a comment. Only if it doesn't add to the discussion. At least thats how it used to be, before HN traffic exploded and became redditized a while back. This should be communicated better.
I can only paraphrase PG because I don't want to spend any time digging for the actual comment, but he's basically said:

People can use downvotes however they want.

There is no guideline to communicate.

I can personally see the pros and cons of this stance. The cons are pretty obvious, but the big pro is that there shouldn't be discussions like you and I are having now.

My initial thought was it was a link to some sort of sting operation also, as I did not know what Kippo was. I could definitely see sting operations as being interesting to the segment of this crowd with more anti-government leanings.
I'd agree if there was just a little more context in the title. Maybe "Hackers Caught on Video with the Kippo Honeypot" or something would be totally unambiguous.

Maybe I'm completely fucked in the head or something, but since only one or two other people in this comment thread seemed to catch my drift, I'll be explicit: the specific phrasing of "honeypot video gallery" makes me think "collection of videos that some police or 3 letter agency uses as a honeypot to catch criminals" which translates to "either gore/snuff or child pornography." Either something illegal to look at, or an article discussing the topic that could still ruin a sensitive or vulnerable person's day.

And of course such a thing would never reach 50+ upvotes on HN, but when I posted that comment, it was on the front page with 3 points and 0 comments. It was entirely within the realm of possibility then of being something horrible that a troll had used a voting ring to promote. Maybe now at 56 upvotes this concern seems ridiculous, but I hope my apprehension might make some sense within that context.

(also, I think it's ironic that literally the only time I've ever felt that a different submission title would be warranted, it remains unchanged...)

Curious, as I'm quite the noob: why would an attacker install an IRC bot onto a vulnerable system?

Are they able to send the system commands via IRC? Or is it for a less nefarious reason?

Yes to both. IRC is the common method of setting up a command and control system for a network of hijacked systems.
Here's another question... do honeypots like this one intentionally leave the password blank? (I'd think that would be a pretty good red flag for the attacker to not stick around... maybe that's what the hit & run guys were doing)

It was really entertaining to watch the drunken typist give it his/her best. :)

Kippo by default sets the username as root and the password as 123456. You can add additional username/password combinations, but having multiple passwords to access the same account is a key red flag that the system is in fact a honeypot. You can also simply change the root password to something extremely complicated, especially good if you want a sensor that simply gathers password data (since they'll be unlikely to guess a 65 character password).
Really interesting finds you got, thanks so much for sharing. I currently run 6 Kippo honeypots scattered across the USA (one at home on a Pi and the rest on cheap VPS).

I see a lot of driving drunk at the shell as well. I can't count how many times that I've seen uname misspelled... I haven't seen bitcoin just yet, but I expect that'll show up eventually.

Shameless plug (sorry), I just did a talk on some of my Kippo honeypot findings. Some here may find it interesting: http://www.irongeek.com/i.php?page=videos/grrcon2014/s06-bri...

Just watched your talk... really cool. (Yes, Raspberry Pi's are awesome!) When you have your Kippo guide done, I'd be interested in setting one up myself. Be sure to include those beefy cpu and meminfo's your buddy sent you.
Getting those was absolutely awesome. Especially since in my mind a beefy system was two 8 core procs. He was like "yeah...... hang on let me find you something better". Will do.