Honeypot / Honeypots.tk


- What are we doing ?

We are collected the data from our honeypot services. Our goal is to spread this data free of charge.
The honeypot records on the list are taken from the servers located in different locations.

- Which protocols are used ?

* Http (Port 80)
* Smtp (Port 25)
* Proxy (Port 3128)
* Telnet (Port 23)
* DNS (Port 53)
* FTP (Port 21)
* SSH (Port 22)

- What is the data content ?

The honeypot data contents are as follows for different services;
* Connection date and time
* Attacker ip address and location
* Smtp commands and answers with attacker attempt
* Putted eml(data) message by attacker
* Http method and access url
* Client requested header information for http and proxy request
* Client requested http url informaiton for proxy request
* Telnet username and password retry
* DNS query content
* All received commands

- How to collect the data from honeypots ?

Our services are installed on many servers on a wide area network.
Our servers do'nt have any DNS record. So they do not provide any services
Attacker attempting to connect are implementing system information gathering or remote code execution.
We wrote our own services to collect attacker information. These services collect the ip address, executed codes, requested URLs and the header information that they leave.
Finally they will forward this information to our central server from honeypots.

Please share your wishes, opinions and suggestions with us:

If you like, you can support to
us with your donations..