And Then There Were Three

More OpenCanary Goodness

To balance out having two US-hosted honeypots, the appeal of hosting one elsewhere appealed to me. And so the newest member of the OpenCanary family was born.

Welcome to the OpenCanary instance hosted in my very own DMZ! Hosted on Hyper-V, it does not take too many resources on the DMZ host I have.

It seems my new OpenCanary isn’t very popular; in fact, the oldest OpenCanary in Oracle Cloud routinely gets the most attention. The OpenCanary hosted at home is less popular, possibly with my ISP blocking some ports from actually getting to my perimeter. SSH and Telnet connections are being seen, however.

SSH and Telnet connections means there are passwords being submitted to the OpenCanary. More of the same passwords, certainly the “attackers” rely on people never changing default passwords; there are enough of those people to guarantee results, it seems.

The raw hourly data shows the trends more clearly. As the IP address of the new instance becomes more “known”, it might be reasonable to expect the volumes to increase for my new OpenCanary. Time will tell….

Of course it’s important that the CPE from my ISP is not overrun by the connection requests. We need our 10Gb connection for many other things! It looks good when the box is examined for CPU load.