CodePath Facebook Website Security Week 9 Assignment
Time spent: 19 hours spent in total
Objective: Setting up a honeypot using Google Cloud Platform and intercept some attempted attacks in the wild.
A honeypot is a decoy application, server, or other networked resource that intentionally exposes insecure features which, when exploited by an attacker, will reveal information about the methods, tools, and possibly even the identity of that attacker. Honeypots are commonly used by security researchers to understand the threat landscape facing developers and system administrators, collecting data that might include:
- Information about sources of malicious network traffic such as IP addresses, geographic origin, targeted ports, etc.
- Information used to harden resources against email spammers
- Malware samples
- DB vulnerabilities such as SQLI techniques
Top 5 Attacker IPs | Number of Attacks |
---|---|
195.154.181.191 | 13 |
202.96.50.225 | 6 |
139.60.161.43 | 3 |
5.9.49.72 | 2 |
178.159.37.99 | 2 |
Top 5 Attacker Ports | Number of Attacks |
---|---|
23 | 17 |
5060 | 16 |
10050 | 6 |
1433 | 3 |
8080 | 2 |
Honeypot (Dionaea with HTTP)
Very challenging to configure the firewall and Google Cloud Platform because it was my first time.