Cowrie (honeypot)

Not to be confused with Cowrie.

Cowrie
Developer	Michel Oosterhof
Repository	github.com/cowrie/cowrie
Available in	Python
License	New BSD
Website	www.cowrie.org

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and shell interaction performed by an attacker. Cowrie also functions as an SSH and telnet proxy to observe attacker behavior to another system. Cowrie was developed from Kippo.

Reception

Cowrie has been referenced in published papers. ^{[1] [2]} The Book "Hands-On Ethical Hacking and Network Defense" includes Cowrie in a list of 5 commercial honeypots. ^[3]

Prior uses

• Discussing a honeypot effort called the Project Heisenberg Cloud by Rapid7, Bob Rudis, the company's chief data scientist, told eWEEK, "There are custom Rapid7-developed low- and medium-interaction honeypots used within the framework, along with open-source ones, such as Cowrie." ^[4]
• Doug Rickert has experimented with the open-source Cowrie SSH honeypot and wrote about it on Medium. Putting up a simple honeypot isn't difficult, and there are many open-source products besides Cowrie, including the original Honeyd to MongoDB and NoSQL honeypots, to ones that emulate web servers. Some appear to be SCADA or other more advanced applications. ^[5]

Best practices

• Researchers at the SysAdmin, Audit, Network and Security (SANS) institute urged administrators and security researchers to run the latest version of Cowrie on a honeypot to monitor shifts in the type of passwords being scanned for and pattern of attacks on IoT devices. ^{[6] [7] [8]}

Discussion and further resources

• Attack Detection and Forensics Using Honeypot in an IoT Environment calls Cowrie a "medium interaction honeypot" and describes results from using it for 40 days to capture "all communicated sessions in log files." ^[9]
• The book Advances on Data Science also devotes chapter two to "Cowrie Honeypot Dataset and Logging." ^[10]
• ICCWS 2018 13th International Conference on Cyber Warfare and Security describes using Cowrie. ^[11]
• On the Move to Meaningful Internet Systems: OTM 2019 Conferences includes details of using Cowrie. ^[12]
• Splunk, a security tool that can receive information from honeypots, outlines how to set up a honeypot using the open-source Cowrie package. ^[13]

References

1. Sentanoe, Stewart; Taubmann, Benjamin; Reiser, Hans P. (2018). "Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection". In Gruschka, Nils (ed.). Secure IT Systems. Lecture Notes in Computer Science. Vol. 11252. Springer International Publishing. pp. 255–271. doi:10.1007/978-3-030-03638-6_16. ISBN   978-3-030-03638-6.
2. Ziaie Tabari, Armin; Ou, Xinming (March 2, 2020). "A First Step Towards Understanding Real-world Attacks on IoT Devices". arXiv: 2003.01218 [cs.CR].
3. Simpson, Michael T.; Antill, Nicholas (2016-10-10). Hands-On Ethical Hacking and Network Defense. Cengage Learning. ISBN   978-1-305-48068-1.
4. Kerner, Sean Michael (November 3, 2016). "Rapid7 Finds Certain Cloud Risks With Heisenberg Honeypot". eWEEK. Retrieved January 16, 2020.
5. Strom, David (2018-05-17). "Honeypots as deception solutions: What to look for and how to buy". CSO Online. Retrieved 2020-01-16.
6. "SANS calls for admins to secure IoT devices as manufacturers drag feet". SC Media. 2016-10-05. Retrieved 2020-01-16.
7. Chirgwin, Richard (October 4, 2016). "SANS issues call to arms to battle IoT botnets". www.theregister.co.uk. Archived from the original on 2016-10-05. Retrieved 2020-01-16.
8. Muncaster, Phil (2016-10-04). "SANS Institute in IoT Botnet Warning". Infosecurity Magazine. Retrieved 2020-01-16.
9. Fahrnberger, Günter; Gopinathan, Sapna; Parida, Laxmi (2019-01-22). Distributed Computing and Internet Technology: 15th International Conference, ICDCIT 2019, Bhubaneswar, India, January 10–13, 2019, Proceedings. Springer. ISBN   978-3-030-05366-6.
10. Akoglu, Leman; Ferrara, Emilio; Deivamani, Mallayya; Baeza-Yates, Ricardo; Yogesh, Palanisamy (2018-11-28). Advances in Data Science: Third International Conference on Intelligent Information Technologies, ICIIT 2018, Chennai, India, December 11–14, 2018, Proceedings. Springer. ISBN   978-981-13-3582-2.
11. Leenen, Dr Louise (2018-03-08). ICCWS 2018 13th International Conference on Cyber Warfare and Security. Academic Conferences and publishing limited. ISBN   978-1-911218-73-9.
12. Panetto, Hervé; Debruyne, Christophe; Hepp, Martin; Lewis, Dave; Ardagna, Claudio Agostino; Meersman, Robert (2019-10-10). On the Move to Meaningful Internet Systems: OTM 2019 Conferences: Confederated International Conferences: CoopIS, ODBASE, C&TC 2019, Rhodes, Greece, October 21–25, 2019, Proceedings. Springer Nature. ISBN   978-3-030-33246-4.
13. Fruhlinger, Josh (2019-04-01). "What is a honeypot? A trap for catching hackers in the act". CSO Online. Retrieved 2020-01-16.

External links

• Official website

• Free and open-source software portal