Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Unfortunately, a lot of those are honeypots, even though the number might be unbelievable. A quick look on the first page shows this one[1] claiming to be a PHP web server serving a Java application(!), this other one[2] claims to be an embedded system web server, this one[3] claims that it's a streaming service, this one[4] claims its Mac OS X server (how long has it been obsolete again?)

And those are just the headers! Just taking a cursory look at [4], I can see it is claiming to be a ASP.net server being served by a TP-Link device on one port, all the while also being a QNAP device on another, and also another PHP application served through thttpd. All the while running on AWS...

[1] https://www.shodan.io/host/44.204.245.187

[2] https://www.shodan.io/host/13.246.35.40

[3] https://www.shodan.io/host/16.171.64.23

[4] https://www.shodan.io/host/44.204.245.187



I'm stupid, so please be patient, who puts up these honeypots? WHy are they there? (I know in principle what a honeypot is)


I do, and I'm not a security researcher (not really).

If nothing else, it's fun to see who pokes you, even if I don't actually follow up on it.


Thanks!


Conspiracy Theory: The proliferation of honeypots is due to secret government contracts attempting to corrupt the usefulness of Shodan and the like.


Automated Chaff for the information age.


Note that all of them have been flagged as honeypots by Shodan (see the "Tags" section below the IP in the top left).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: