{"title":"A Comprehensive Research Study on Low-Interaction Secure Shell Honeypot","authors":"Sudesh Pahal, P. Priya","doi":"10.12723/mjs.63.6","DOIUrl":null,"url":null,"abstract":"This paper details information acquired from a secure shell honeypot, including plaintext login credentials and comprehensive attack data. As the number of data breaches and password leaks rises year after year, more dictionaries of reverse-engineered hashed passwords develop. Besides contributing to educational password dictionaries, this article also attempts to provide information about the geographical makeup of hackers encountered, as well as favored protocols. Its goal is to encourage developers to produce practical honeypot solutions for organizations with limited resources for their cyber-protection, as well as to encourage organizations to implement such measures and study their data. The low-interaction, user-friendly honeypot created is capable of running without manual intervention, and without interfering with parallelly running processes. Besides collecting login credentials used with SSH, in plaintext, its capabilities include recording, analyzing, and sending notifications about suspicious network traffic.","PeriodicalId":18050,"journal":{"name":"Mapana Journal of Sciences","volume":"26 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mapana Journal of Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12723/mjs.63.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
This paper details information acquired from a secure shell honeypot, including plaintext login credentials and comprehensive attack data. As the number of data breaches and password leaks rises year after year, more dictionaries of reverse-engineered hashed passwords are developed. Besides contributing to educational password dictionaries, this article also attempts to provide information about the geographical makeup of hackers encountered, as well as favored protocols. Its goal is to encourage developers to produce practical honeypot solutions for organizations with limited resources for their cyber-protection, as well as to encourage organizations to implement such measures and study their data. The low-interaction, user-friendly honeypot created is capable of running without manual intervention and without interfering with processes running in parallel. Besides collecting, in plaintext, the login credentials used with SSH, its capabilities include recording, analyzing, and sending notifications about suspicious network traffic.