It’s been a little over 48 hours since I put the honeypot up against the Internet. I’m astonished at the massive amount of data it’s already retrieved, on top of just the sheer number of attacks attempted against it. Granted, a couple ISPs were responsible for a large portion of it (shout-out to Global Layer).
One interesting thing I’ve noticed is glances of the Mirai botnet and its clones still running around. It was mostly out of the US and parts of Italy.
The username and password tagclouds have also grown significantly since the start. Many of the strange password appear to be default IoT device logins (Toshiba, GE, etc.)
I look forward to having more updates in the near future, along with some more statistical data to share. After about a week or so, I’ll try to publish more specific information in a CSV or Word type style.