Let me introduce you research project: Honeypot as a Service (HaaS) powered by CZ.NIC
What is a honeypot?
It’s software, which simulates an operating system and allows attackers to log in and execute commnnands (for example: downloading malware through tftp/wget, removing some files and so on).
Each attack is recorded and we can analyse his/her behaviour also downloaded malware.
How does it work?
Volunteers (including an organization or company) will install and run HaaS proxy application, which will forward incoming traffic from port 22 (which is commonly used for SSH) to the HaaS server.
How can I get involved?
It’s very simple.
Sign up, add a device then download and run the HaaS proxy application.
What you will get?
Good feeling that you will contribute to improvement of cyber security and preparedness for cyber attacks in the Czech Republic.
Interesting information about the attacks on your device on HaaS website after login
From which IP address the attacker logged in
Credentials he used to login
The scripts, which the attacker ran in the honeypot
Thank you for any cooperation!
HaaS should be in next major TurrisOS version. In the meantime you can use SSH honeypot.
More details can be find here: Honeypot as a Service - Join the fight against malware!