RedPhoenix

Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.

If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to insect me with, most likely.

It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.

Yep.. sigh

me@somewhere:~$ ssh -p 8022 root@localhost
The authenticity of host '[localhost]:8022 ([127.0.0.1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:W6aKaaaaaaaaaaaaaaaaaaaaaaaa+cvaaaaaaaaaaaw.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
root@localhost's password: 
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.4-31-generic x86_64)

* Documentation:  https://help.ubuntu.com
* Management:     https://landscape.canonical.com
* Support:        https://ubuntu.com/advantage

54 packages can be updated.
20 updates are security updates.


----------------------------------------------------------------
Ubuntu 16.04.1 LTS                          built 2016-10-10
----------------------------------------------------------------
last login: Sun Nov 19 19:40:44 2017 from 172.99.99.99
root@host:~$ whoami
root
root@host:~$ ls
README log.txt
root@host:~$ cat README
# NOTE: Do not reset this server, as it provides essential services.
root@host:~$ cat log.txt
Mar  3 15:37:01 root kernel: Boot time configuration written to /etc/default/grub
Mar  3 15:37:02 root kernel: Loading initial ram disk images...
Mar  3 15:37:03 root kernel: Linux version 4.9.0-6-amd64 (buildid@Debian) (gcc version 8.2.0 ( Ubuntu 8.2.0-14-ga )) #1 SMP Debian 4.9.141-1 (2017-03-09)
Mar  3 15:37:03 root kernel: Linux command line options: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Boot arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Kernel arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Mounting system...
Mar  3 15:37:03 root kernel: Mounted system...
root@host:~$ echo "testing1234" > somefile.txt
root@host:~$ echo "testing 23456" >> somefile.txt
root@host:~$ cat somefile.txt
testing1234
testing 23456
root@host:~$ echo tell me a story about a dragon
Once upon a time, in a land far, far away, there lived a magnificent dragon named Scorch. Scorch was the most feared creature in all the land, with scales that shone like gold in the sunlight and eyes that glowed like embers. He roamed the countryside, breathing fire and destruction wherever he went, and no one dared to cross...

A medium interaction SSH honeypot backed by a basic LLM that believes it's bash.

I'm impressed at the ability to retain limited state, and respond 'reasonably enough' that it'll probably allow first stage automated attacks to be captured.. but at the moment, it's way too easy to peer behind the curtain.

It's quite jarring when your bash terminal starts telling you a story about a happy dragon in response to some weird command.

Wires and false colour can be pretty awesome.

Anyone else have wire themes pics?

Great use of black and white.

Pied: Bingo

Yep, noisy miners. They're aggressive little buggers. One of the reasons that park designers are encouraged to include small shrubs with thick foliage, is to give smaller birds somewhere to hide from the miners, otherwise you tend to get a bit of a monoculture of miners.

Yeah not too many mynahs around here thankfully. Partly due to the Butcher birds!

I literally just got out of the water after giving the hull a de-barnacleing in the middle of winter, and I'm lucky enough to live somewhere where that's possible.

That said, pictures like this of cold water sailing fascinate me.

Butcher birds are generally smaller, have a different pattern to their colours, and are a bit different in their vocalisations. Magpies tend to warble, whereas Butcher birds generally have a distinct series of tones (that varies a bit around the country). They also tend to hop more than walk - much shorter legs. The beak is a tiny bit different to a magpie too.

The adults are black and white, but the juveniles are usually light grey and white.

The noisy mynahs tend to be a bit more paranoid around Butcher birds too. Maggie's are less likely to actively hunt them. ;)

If you hear a bunch of mynahs going off in a group, it'll most likely be a snake, an owl, or one of these guys.

And another on the same theme.

Related. :)

Nice!

Butcher bird though.

I remember kayaking up near Peel Island when I saw one of these roll in from the gold coast.

No chance of making it back to base in time, so I pulled into the beach, found a place to sit out the storm, and asked the Mrs to call me when she spotted a clear weather window to make it back home again.