I’ve been messing with Robert Graham’s TelnetLogger project today and captured some IPs and credentials over around two hours.
I was curious of two things:
- Which credentials would be most popular
- Which were the most common source IPs
The listener has options for capturing both via:
telnetlogger -p passwds.txt -i ips.txt
What I did was create a simple script (HoneyCredIPTracker) that processes the output. It basically summons the all-powerful combo of:
sort | uniq -c | sort -nr
Fascinating to see which countries are trying most often, and what credentials they’re trying the most.
You can get the script here.