A Botnet's Search for MikroTik Routers

Last Updated: 2021-02-04

Last month, I wrote a post about setting up honeypots on GCP where I stood up a low-interaction SSH honeypot. Since then, I’ve been able to log a few megabytes worth of unauthorized behavior. This post will report on a repeated security event targeting misconfigured MikroTik routers.

Event Behavior

The attacker logs into the honeypot using admin/password and then sends the commands seen below into the honeypot terminal....

