Internet of Things attacks are on the rise. In this session, we would love to share interesting stories from a single 18-month home-based IoT honeypot.
Back in 2015, we designed an IoT 'device' for fun and deployed it as a single home-based honeypot, with emulation of the UPnP and MQTT protocols. In early 2017, after the Mirai attacks, we listened quietly to the Telnet traffic.
We would like to present the design of the 'device' with its emulation of three network protocols. The home 'device' was frequently visited by millions of UPnP requests and 'assisted' in DoS attacks. We observed the emergence of multiple Mirai variants and traced them back to a notorious threat group. We found sneaky Hajime botnet mutants evolving with different evasive tricks, visitors with amusing commands, misconfigured botnets, etc.