Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Need a vps for a honeypot
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Need a vps for a honeypot

Hi all,

I want to setup a honeypot and so need a suitable vps

Ram 256mb+
Disk space 10gb+
Bandwidth 1tb

Probably better to have ddos too (someone is going to get upset when they find out its a fake)

Anyone got any good recommendations

Thanks

Chip

Comments

  • Can't you just move on with your life instead of wasting money?

    Go give Vultr(referral) a try. | GNU/Linux http://debian.org

  • Any host will do, it won't generate abuse reports etc unless you run a fake open resolver or something. I ran kippo for a few weeks, but most what looked like automated attempts realised it wasn't a usable system and didn't try to download or run anything.

    Thanked by 1ehab
  • linuxthefish said: I ran kippo for a few weeks, but most what looked like automated attempts realised it wasn't a usable system and didn't try to download or run anything.

    Honeypot detection! Nice ...

    Thanked by 1linuxthefish
  • Hi,

    I know almost any host will do but wouldnt have minded some options,i have loked at kippo it emulates a pretty weak debian 5 setup but allows the hacker some interaction

    Any recommendations? Who did you use?

    Chip

    @linuxthefish said:
    Any host will do, it won't generate abuse reports etc unless you run a fake open resolver or something. I ran kippo for a few weeks, but most what looked like automated attempts realised it wasn't a usable system and didn't try to download or run anything.
    @GM2015 said:
    Can't you just move on with your life instead of wasting money?

  • Nah, i want a vm i can use as a honeypot or more importantly a provider that doesnt mind me runing a honey pot on their network

    Chip

    @GM2015 said:
    Can't you just move on with your life instead of wasting money?

  • Yes, while searching for different honeypot tutorials i stumbled upon a tutorial on detecting and identifying honeypots

    Chip

    @singsing said:
    Honeypot detection! Nice ...

  • ceibaNetceibaNet Member, Provider

    hi @chip if you're still looking for a vps for your honeypot, you can give ours a look. We also got a discount code going for december for 15% off, so our basic vps with 768mb RAM, 30Gb hdd and 1TB BW for $4.25/mo with a bit more resources than what you asked for. All ddos protected as well
    http://laceibanetsociety.com/en/vps-services/openvz-vps/

    laceibanetsociety // 24/7 English/Spanish Support // VPS, Resellers, Dedicated Servers NJ and Honduras Locations available

  • GunterGunter Member
    edited December 2015

    linuxthefish said: realised it wasn't a usable system and didn't try to download or run anything.

    Did you try cowrie? It improves upon kippo significantly, and has rendered many of the methods used to identify kippo honeypots less effective.

  • No but I will give that a look.

    Thanks

    Chip

    @Gunter said:

  • Most effective honey pot would be a VPS/Dedi hosted at online.net

    Different.

  • @TinyTunnel_Tom said:
    Most effective honey pot would be a VPS/Dedi hosted at online.net

    Or links in your sig on LET

  • @geekalot said:

    Judging by your comment you've never owned and online.net dedi or VPS have you. There is much to learn.

    Thanked by 1GM2015

    Different.

  • Hey Chip,
    This won't be a problem for any provider, and even if any abuse reports do come in.. as long as you handle them it doesn't really matter.

    Next.. that brings me onto the self promotion :)

    Feel free to check out our most recent offering (and discount code) here!

    @chip said:
    Hi all,

    I want to setup a honeypot and so need a suitable vps

    Ram 256mb+
    Disk space 10gb+
    Bandwidth 1tb

    Probably better to have ddos too (someone is going to get upset when they find out its a fake)

    Anyone got any good recommendations

    Thanks

    Chip

    AboveClouds • UK Company • UK Datacentre • UK Customer Support

    High Performance Pure SSD Cloud Hosting with a personal touch

  • @Jacob said:
    Hey Chip,
    This won't be a problem for any provider, and even if any abuse reports do come in.. as long as you handle them it doesn't really matter.

    Next.. that brings me onto the self promotion :)

    Feel free to check out our most recent offering (and discount code) here!

    I know you've got a pic of Russel doesn't mean you can post links to WHT. It just makes me cry and put adele someone like you on.

    Different.

  • @TinyTunnel_Tom said:
    Judging by your comment you've never owned and online.net dedi or VPS have you. There is much to learn.

    Judging by your comment, 1) you don't get it; 2) I have a few of them

  • @geekalot said:

    I do understand it however links in sig = ddos not ssh brute force

    Different.

  • TinyTunnel_Tom said: Most effective honey pot would be a VPS/Dedi hosted at online.net

    Why would online.net ip range attract "attackers" more than say leaseweb or DO?

    Gotta Love LowEndDrama

  • @2bb3 said:

    It's just a "it does". It's just something that happens not sure why but it does

    Different.

  • geekalotgeekalot Member
    edited December 2015

    @TinyTunnel_Tom said:
    I do understand it however links in sig = ddos not ssh brute force

    I hear you; but I think it is more like:

    • LowEndPortScan
    • If SSH Open then LowEndBruteForce
    • If HTTP/S Open then LowEndDDoS
    • etc
    • rinse, repeat :)

    But, yes, the Online.net IP ranges get a lot of work from potential attackers, great for honeypots.

    Anyway, didn't mean to derail OP's thread.

  • That's interesting,so online.net get hit pretty hard?

    Chip

    @geekalot said:

  • Well, I have servers with many different providers and do not see a "so much higher" level of attacks with online.net than with the others... Maybe I'm just lucky. I have 3 servers with online.net.

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • Online.net mostly provides dedicated servers and that's the main reason.
    If somebody hacks dedicated servers he is getting much more resources to dos/brutforce and etc.

    Trying to be positive and friendly :)

  • 512MB OpenVZ + 2 IP's - free if you don't run anything else.

  • I don't want to run anything else but also don't want it free you have hardware costs after all.

    Thanks

    Chip

    @linuxthefish said:
    512MB OpenVZ + 2 IP's - free if you don't run anything else.

  • I have some spare IP's over in Illiad (Online.net) if that works for you?

    Taking a hiatus.

Sign In or Register to comment.