Hackers are Watching you – A case of FTP Honeypot

Updated on 7th May 2018
By sumita
2 Minutes Read

Hackers are constantly looking up for new servers available on the Internet. As soon as a new server joins the Internet, it gets discovered by hackers for an attempt to break into it through various attack techniques.

One fine day, my colleague Vishal and I thought why don’t we get adventurous to know the hackers’ activities, trends and see how long it takes for them to identify new servers hosted on the Internet. Therefore, we decided to experiment by hosting an FTP server in an isolated lab environment and use Wireshark tool as a spy to track external incoming traffic and analyze possible hacking activities.

We began monitoring with our Wireshark spy and took two captures of the network traffic. The first day we set up the FTP server and brought it on to the network at around 10:13 PM, started the network packets capturing on Wireshark. The first capture data is here:

We began the second capture immediately and it kept it for two days. Here’s the second capture’s data.

Surprisingly, the first login attempt from the outside world to the FTP server was just within few minutes of setting FTP server up. Hackers are so active that they could scan new systems within minutes and then try to break into the system using the common login credentials first.

Our Wireshark log of network traffic shows that the hackers tried with various credentials, few of them were:



The Wireshark log also listed the countries from where these attacks came:

At the end of our lab research, we reported about this experiment to our manager Ashok Sharma. He was surprised to know that it took just minutes for the hackers to scan our server for an attempt to hack it.

This is an example of the current threat the digital world is facing. Be careful of hackers, they are always waiting for the opportunities to get into your network and try to steal sensitive data, or do harm in any other form. Make sure your credentials are strong, use encryption techniques, and use secure platforms to host your server.

Happy Learning!


Sumita Narshetty
Sumita Narshetty
Security Researcher at QOS Technology

1 thought on “Hackers are Watching you – A case of FTP Honeypot

  1. Hello,
    Now that’s an adventure we are talking about! Thanks a lot for sharing and that really helped me in getting an overview of how hackers get into our servers. Please keep sharing such information, they are really helpful and gives a great insight of insecurities that are on the internet.
    And I am really excited for the new adventures you guys will be coming up with.

    Happy learning!

Leave a Reply

Your email address will not be published. Required fields are marked *

Learn Check Point, Red Team Skills, Wireshark, OSSIM, and Splunk from certified and top-rated security practitionersEnroll Now