Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Mätning av attackbeteende och mönster med Cowrie
University West, School of Business, Economics and IT.
University West, School of Business, Economics and IT.
2023 (Swedish)Independent thesis Basic level (university diploma), 5 credits / 7,5 HE creditsStudent thesisAlternative title
Measuring attack behavior and patterns with Cowrie (English)
Abstract [sv]

Detta examensarbete fokuserar på Cowrie, som är en honeypot för att övervaka och analysera attacker i nätverk. Honeypots sattes upp på Telias nätverk och data samlades in under nio dagar med hjälp av Modern Honey Network och Splunk på en Linode server. Resultaten visade på att en enhet fick exceptionellt många attacker. Detta kan troligtvis förklaras av att tre IP-adresser avviker i statistiken. Resultaten visade även att port 23 var mer angripen än port 22. Angripare som försökte få åtkomst till systemet använde vanligt förekommande användarnamn som "root", "admin", "user" och "guest". Dessa angripare följde även vanliga mönster för lösenord, med populära val som "admin", "123456", "123", "1234", "1" och "password". Vid attacker mot port 23 observerades att angriparna ofta använde kommandon som "uname" för att få information om de attackerade systemen. För attacker mot port 22 utnyttjades kommandon som "shell" och "system", vilket gav angriparna möjlighet att ta kontroll över systemet. Vidare visade resultaten att majoriteten av attackerna kom från Iran, följt av Kina

Abstract [en]

This thesis focuses on Cowrie, which is a honeypot for monitoring and analyzing attacks in networks. Honeypots were set up on Telia's network and data was collected for nine days using Modern Honey Network and Splunk on a Linode server. The results showed that one device received an exceptionally high number of attacks. This can probably be explained by the fact that three IP addresses deviate in the statistics. The results also showed that port 23 was more attacked than port 22. Attackers trying to gain access to the system used common usernames such as "root", "admin", "user" and "guest". These attackers also followed common password patterns, with popular choices like "admin", "123456", "123", "1234", "1" and "password". In attacks against port 23, it was observed that the attackers often used commands like "uname" to get information about the attacked systems. For attacks against port 22, commands such as "shell" and "system" were used, which gave the attackers the opportunity to take control of the system. Furthermore, the results showed that the majority of attacks came from Iran, followed by China. 

Place, publisher, year, edition, pages
2023. , p. 12
Keywords [en]
Cowrie, Honeypots, Telnet, Comparison, Attacks, SSH
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hv:diva-20465Local ID: EXN300OAI: oai:DiVA.org:hv-20465DiVA, id: diva2:1781870
Subject / course
Computer science
Educational program
Nätverksteknik med IT-säkerhet
Supervisors
Examiners
Available from: 2023-07-18 Created: 2023-07-11 Last updated: 2023-07-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

By organisation
School of Business, Economics and IT
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 124 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf