From the ADMIN Update newsletter: Matthias Wübbeling examines the OpenCanary honeypot for detecting attacks https://www.admin-magazine.com/Archive/2023/75/OpenCanary-attack-detection #security #honeypot #OpenCanary #network #Docker
Issue 75: Teamwork is available now! Order your copy from us to get it faster and get the best price https://www.admin-magazine.com/Archive/2023/75 #sysadmin #MicrosoftTeams #ExchangeServer #Matrix #security #Sandstorm #productivity #cloud #Azure #IoT #phishing #Zabbix #monitoring #OpenCanary
my #opencanary birds are now filling new dashboards in Splunk. #theracetothebottom is on!
my #opencanary tells me 18/20 of the top credential sets it sees are related to the defaults exploited by Mirai: https://sc.ciso.pm/miraipasswords
According to my #opencanary, 18 of the top 20 credential combos it gets given are related to Mirai: https://sc.ciso.pm/miraipasswords
Here's the ranking of Mirai credentials hitting my #opencanary - bottom figures being where the creds rank in those seen by the honeypot.
More #opencanary #top40 reporting, this time pulling the cross-section of credentials that intersect with the Mirai #tyrannyofthedefault creds:
After one month of collecting passwords with #opencanary, not a monkey in sight.....
Another host at #OVHHostingInc has fallen in love with the MS SQL port on my #opencanary 😂
Someone decided my #opencanary MSSQL port is very, very interesting. Trust me, it's not but thanks for your 300'000 connections on Sunday 😳
192.99.9.170, my new best friend from Canada 🤣
#opencanary logging to #splunk over #tailscale for a week now, giving some great statistics.
My #opencanary is now logging into Splunk (from Oracle Cloud via Tailscale) with a dashboard for weekly, monthly and yearly stats. The Internet is a dirty place!
@katzmandu I have #opencanary VMs in my DMZ at home and also on my network at home #teenagers 😂
My Splunk dashboard is now fairly indicative of trends hitting my #opencanary. Including the latest usernames and passwords being attempted #dirtyinternet
#opencanary logging to Splunk via Webhooks and JSON being translated into dashboards. Bye-bye one-week logging limit and basic statistics:
I managed to get my #OpenCanary logging to Splunk with webhooks. It's really cool!
My #opencanary on the Internet still has gaps in logging (too many webhooks configured = gaps) but sees 120'000 intrusion attempts per week.
With the gaps eradicated, I expect around 150'000 attempts per week which would be just shy of 8 million per annum.
On Monday in a 3 hour period, there were 12'000 attempts alone.
SSH and Telnet for #pwnership were the main targets.....
I put together the steps I went through for #opencanary in Oracle's Cloud: https://sc.ciso.pm/opencanarysetup
someone else might enjoy putting together their own honeypot :)