Mätning av attackbeteende och mönster med Cowrie
University West, School of Business, Economics and IT.
2023 (Swedish)
Independent thesis, Basic level (university diploma), 5 credits / 7,5 HE credits. Student thesis
Alternative title: Measuring attack behavior and patterns with Cowrie (English)
Abstract [en]

This thesis focuses on Cowrie, which is a honeypot for monitoring and analyzing attacks in networks. Honeypots were set up on Telia's network and data was collected for nine days using Modern Honey Network and Splunk on a Linode server. The results showed that one device received an exceptionally high number of attacks. This can probably be explained by the fact that three IP addresses deviate in the statistics. The results also showed that port 23 was more attacked than port 22. Attackers trying to gain access to the system used common usernames such as "root", "admin", "user" and "guest". These attackers also followed common password patterns, with popular choices like "admin", "123456", "123", "1234", "1" and "password". In attacks against port 23, it was observed that the attackers often used commands like "uname" to get information about the attacked systems. For attacks against port 22, commands such as "shell" and "system" were used, which gave the attackers the opportunity to take control of the system. Furthermore, the results showed that the majority of attacks came from Iran, followed by China. 

Place, publisher, year, edition, pages
2023. p. 12
Keywords [en]
Cowrie, Honeypots, Telnet, Comparison, Attacks, SSH
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hv:diva-20465
Local ID: EXN300
OAI: oai:DiVA.org:hv-20465
DiVA, id: diva2:1781870
Subject / course
Computer science
Educational program
Nätverksteknik med IT-säkerhet
Available from: 2023-07-18. Created: 2023-07-11. Last updated: 2023-07-18. Bibliographically approved.

Open Access in DiVA

No full text in DiVA