The results are in! After one month I saw 214,442 malicious login attempts to the honeypot:
Telnet made up almost half of these connections, with 99,840. Followed by SSH (60,964 connections) and VNC with 52,942 connections. We only saw about 600 HTTP/HTTPS connections, 20 FTP connections, and 10 SOCKS5 connections.
Some interesting statistics were able to be developed based on this. Keep in mind, the device never sent a single unsolicited packet outbound. All of this traffic was scanning for the device.
Also, you can download the full list of username and passwords or the list of attack source IPs to see every password I saw or everyone who tried to attack.
Check this list, if any of your passwords are on it, change them!!
For secure communications (email, IM, etc) please use my OpenPGP certificate:
Just an update to say that this site was moved from being hosted on our business internet connection to now being hosted on a server in Amazon’s EC2 cloud. Amazon offers a year of free EC2 access for anyone who signs up. So far, I’ve hit a few bumps but the experience has taught me a lot and I now feel much more confident in my skills around Amazon EC2.
This site is now available on IPv6 with full functionality.
www.shawngarringer.org AAAA 2001:470:c63d:5::abc:123:
If you’re on an IPv6 network (like Verizon 4G LTE) just going to www.shawngarringer.org connects you through the IPv6!