Counting outdated honeypots: Legal and useful
Proceedings - 2019 IEEE Symposium on Security and Privacy Workshops, SPW 2019
Vetterl, A., Clayton, R., & Walden, I. (2019). Counting outdated honeypots: Legal and useful. Proceedings - 2019 IEEE Symposium on Security and Privacy Workshops, SPW 2019, 224-229. https://doi.org/10.1109/SPW.2019.00049
Honeypots are intended to be covert and so little is known about how many are deployed or who is using them. We used protocol deviations at the SSH transport layer to fingerprint Kippo and Cowrie, the two most popular medium-interaction SSH honeypots. Several Internet-wide scans over a one-year period revealed the presence of thousands of these honeypots. Sending specific commands revealed their patch status and showed that many systems were not up to date: a quarter or more were not fully updated and, by the time of our last scan, 20% of honeypots were still running Kippo, which had last been updated several years earlier. However, our paper reporting these results was rejected from a major conference on the basis that our interactions with the honeypots were illegal and hence the research was unethical. We later published a much-redacted account of our research which described the fingerprinting but omitted the results we had gained from the issuing of commands to check the patch status. In the present work we provide the missing results, but start with an extended ethical justification for our research and a detailed legal analysis to show why we did not infringe cybersecurity laws.
External DOI: https://doi.org/10.1109/SPW.2019.00049
This record's URL: https://www.repository.cam.ac.uk/handle/1810/291316
All rights reserved