Things Attack: Peek into a 18 months IoT honeypot

Presented at TROOPERS18 (2018), March 12, 2018, 11:30 a.m. (Unknown duration)

Internet of Things attacks are on the rise. In this session, we love to share the interesting stories from a single 18 months home-based IoT honeypot.

Back in year 2015, we designed a IoT ‘device' for fun and deployed it as single home-based honeypot, with the UPnP and MQTT protocols emulation. In early year 2017, we listen quietly to the Telnet traffic after Mirai attacks.

We would like to present the design of the ‘device' with three network protocols emulation. The home ‘device' was frequently visited by millions of UPnP requests and ‘assisted' in DoS attacks. We observed emerges of multiple Mirai variants and traced back to notorious threat group. We found sneaky Hajime botnet mutants evolve with different evasive tricks, visitors with amusing commands, mis-configured botnets, etc.


  • Tan Kean Siong
    Tan Kean Siong is an independent security researcher and member of The Honeynet Project. He involved in several open source network sensor and honeypot development, including Dionaea, Honeeepi and Glutton. He has spoken in conferences e.g. DEF CON Packet Hacking Village, Hack In The Box, HITCON, Honeynet Project Workshop and other open source community events.


Similar Presentations: