While some of these honeypots probably have no operational relevance, e.g., they are student projects, this explanation does not fit the wider population. One cluster of honeypots was confirmed to belong to a well-known security center and was in use for ongoing attack monitoring. Concentrations in another cluster appear to be the result of government incentives. We contacted 11 honeypot operators and received responses from 4 of them, which suggests a lack of network hygiene. Finally, we find that some honeypots are actively abused by attackers for hosting malicious binaries. We notified the owners of the detected honeypots via their network operators and provided recommendations for customization to avoid simple signature-based detection. We also shared our results with the honeypot developers.
|Title of host publication||2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019|
|Number of pages||10|
|Publication status||Published - 2019|
|Event||16th IFIP/IEEE International Symposium on Integrated Network Management 2019: Intelligent Management for the Next Wave of Cyber and Social Networks - Washington, United States (Duration: 8 Apr 2019 → 12 Apr 2019)|
|Conference||16th IFIP/IEEE International Symposium on Integrated Network Management 2019|
|Period||8/04/19 → 12/04/19|