BUSTED!

The password cracker script kiddies can't resist my picnic basket...

Today an attacker with a SSH brute force script accidentally "showed his hand" by connecting to my honeypot from his own system shortly after stopping his scan from his compromised system.

Unlike my previous, um, visitor, this attacker seems to have very few tricks up his sleeve.  He attempted to upload something to my honeypot through sftp.  Unsuccessful, he abandoned his attempts.

Today's "guest" is from Romania, and seems to prefer to scan using compromised systems in Germany to prevent his IP from being immediately reported for conducting port scans.

Much like other attackers, he shows that he is using his Windows system through the client version string "PuTTY-Release-0.53b".

A notification email has been sent to both ISPs to report the attacker, as well as his compromised system being used for scanning.


Original Log: Kippo-Mon 10172011.log