Hackers are Watching you – A case of FTP Honeypot

Updated on 7th May 2018
By sumita
2 Minutes Read
1811 Views

Hackers are constantly looking up for new servers available on the Internet. As soon as a new server joins the Internet, it gets discovered by hackers for an attempt to break into it through various attack techniques.

One fine day, my colleague Vishal and I thought why don’t we get adventurous to know the hackers’ activities, trends and see how long it takes for them to identify new servers hosted on the Internet. Therefore, we decided to experiment by hosting an FTP server in an isolated lab environment and use Wireshark tool as a spy to track external incoming traffic and analyze possible hacking activities.

We began monitoring with our Wireshark spy and took two captures of the network traffic. The first day we set up the FTP server and brought it on to the network at around 10:13 PM, started the network packets capturing on Wireshark. The first capture data is here:

We began the second capture immediately and it kept it for two days. Here’s the second capture’s data.

Surprisingly, the first login attempt from the outside world to the FTP server was just within few minutes of setting FTP server up. Hackers are so active that they could scan new systems within minutes and then try to break into the system using the common login credentials first.

Our Wireshark log of network traffic shows that the hackers tried with various credentials, few of them were:

Login:

Password:

The Wireshark log also listed the countries from where these attacks came:

At the end of our lab research, we reported about this experiment to our manager Ashok Sharma. He was surprised to know that it took just minutes for the hackers to scan our server for an attempt to hack it.

This is an example of the current threat the digital world is facing. Be careful of hackers, they are always waiting for the opportunities to get into your network and try to steal sensitive data, or do harm in any other form. Make sure your credentials are strong, use encryption techniques, and use secure platforms to host your server.

Happy Learning!

 

Sumita Narshetty
Sumita Narshetty
Security Researcher at QOS Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

shares
We're proud to collaborate with Govt. of Karnataka in their latest initiative, Center of Excellence in Cyber Security, to promote Cyber-safe Karnataka and build a pipeline of Cyber Security talent.Learn More
+