Some Basic Credential and Country Analysis of Incoming Mirai (IoT Botnet) Traffic

October 30, 2016

I’ve been messing with Robert Graham’s TelnetLogger project today and captured some IPs and credentials over around two hours.

I was curious about two things:

  1. Which credentials would be most popular

  2. Which were the most common source IPs

The listener has options for capturing both via:

telnetlogger -p passwds.txt -i ips.txt

What I did was create a simple script (HoneyCredIPTracker) that processes the output. It basically summons the all-powerful combo of:

sort | uniq -c | sort -nr

Fascinating to see which countries are trying most often, and what credentials they’re trying the most.

You can get the script here.
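The counting step described above, as an added example (this is not the HoneyCredIPTracker script itself). It assumes one entry per line in each capture file ("username password" in passwds.txt, one source IP per line in ips.txt); the function names and the sample data are constructed for illustration, and country lookup is left out because it needs a GeoIP database.

```shell
#!/bin/sh
# Added example: rank the most frequent entries in TelnetLogger output.
# Assumption: one entry per line ("username password" in the password
# file, one source IP per line in the IP file).
LC_ALL=C; export LC_ALL   # byte-order sorting so ties rank the same everywhere

# top_counts FILE [N] -> "count<TAB>entry" for the N most frequent lines
top_counts() {
    # Strip CRs sent by telnet clients and skip blank lines before counting.
    tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' |
        sort | uniq -c |
        awk '{ c = $1; sub(/^ *[0-9]+ /, ""); print c "\t" $0 }' |
        sort -t "$(printf '\t')" -k1,1nr -k2 |
        head -n "${2:-10}"
}

# write_sample DIR: constructed sample data, not real captures
write_sample() {
    printf '%s\n' 'root root' 'admin admin' 'root 12345' 'root root' \
        '' 'admin admin' 'root root' 'support support' > "$1/passwds.txt"
    printf '%s\r\n' 192.0.2.10 198.51.100.7 192.0.2.10 203.0.113.5 \
        192.0.2.10 198.51.100.7 > "$1/ips.txt"
}

dir=$(mktemp -d)
write_sample "$dir"
echo "Top credentials:"; top_counts "$dir/passwds.txt" 3
echo "Top source IPs:";  top_counts "$dir/ips.txt" 3
rm -rf "$dir"
```

Stripping carriage returns first matters because otherwise the same entry with and without a trailing CR is counted as two different lines.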
