One problem that all security professionals have is staying ahead of the attacks. Honeypots help in this regard by gaining an insight into how the naydoers attack vulnerable systems. I therefore set out to create a reproduceable honeypot system that could be deployed to any target in a secure and reproduceable manner.
The 2 requirements was to automate the installation of the honeypot software and to integrate the logging to a central system where the logs could be analysed.
vDOS was a booter service ran out of Israel allowing anyone to DDOS victims. In July 2016 Brian Krebs obtained a database dump from the booter service giving insight into the techniques used and victims of the service.
You can see Brian’s posts here:
https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
https://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/
To analyse the database I’ve written a Vagrantfile which installs the ELK stack and uses logstash to put the vDOS log file into Elasticsearch, Kibana can then be used to analyse the data.