Australian Digital Forensics Conference

Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


This is an investigation of the activity detected on three honeypots that utilise the Kippo SSH honeypot system on VPS servers all on the same C class address. The systems ran on identical software bases and hardware configurations. The results are over the period 21st March 2013 until Tuesday 04 June 2013. The initial analysis covered in this paper examines behaviours and patterns detected of the attacking entities. The attack patterns were not consistent and there was large disparity in numbers and magnitude of attacks on all hosts. Some of these issues are explored in the paper.


Originally published in the Proceedings of the 11th Australian Digital Forensics Conference. Held on the 2nd-4th December, 2013 at Edith Cowan University, Perth, Western Australia