Cowrie (honeypot) explained

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and shell interaction performed by an attacker. Cowrie also functions as an SSH and telnet proxy to observe attacker behavior to another system. Cowrie was developed from Kippo.

Reception

Cowrie has been referenced in published papers.^{[1] [2]} The Book "Hands-On Ethical Hacking and Network Defense" includes Cowrie in a list of 5 commercial honeypots.^[3]

Prior uses

• Discussing a honeypot effort called the Project Heisenberg Cloud by Rapid7, Bob Rudis, the company's chief data scientist, told eWEEK, "There are custom Rapid7-developed low- and medium-interaction honeypots used within the framework, along with open-source ones, such as Cowrie."^[4]
• Doug Rickert has experimented with the open-source Cowrie SSH honeypot and wrote about it on Medium. Putting up a simple honeypot isn't difficult, and there are many open-source products besides Cowrie, including the original Honeyd to MongoDB and NoSQL honeypots, to ones that emulate web servers. Some appear to be SCADA or other more advanced applications.^[5]

Best practices

• Researchers at the SysAdmin, Audit, Network and Security (SANS) institute urged administrators and security researchers to run the latest version of Cowrie on a honeypot to monitor shifts in the type of passwords being scanned for and pattern of attacks on IoT devices.^{[6] [7] [8]}

Discussion and further resources

• Attack Detection and Forensics Using Honeypot in an IoT Environment calls Cowrie a "medium interaction honeypot" and describes results from using it for 40 days to capture "all communicated sessions in log files."^[9]
• The book Advances on Data Science also devotes chapter two to "Cowrie Honeypot Dataset and Logging."^[10]
• ICCWS 2018 13th International Conference on Cyber Warfare and Security describes using Cowrie.^[11]
• On the Move to Meaningful Internet Systems: OTM 2019 Conferences includes details of using Cowrie.^[12]
• Splunk, a security tool that can receive information from honeypots, outlines how to set up a honeypot using the open-source Cowrie package.^[13]

Notes and References

1. Book: Sentanoe. Stewart. Taubmann. Benjamin. Reiser. Hans P.. Secure IT Systems . Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection . 2018. Gruschka. Nils. Lecture Notes in Computer Science. 11252. en. Springer International Publishing. 255–271. 10.1007/978-3-030-03638-6_16. 978-3-030-03638-6.
2. Ziaie Tabari. Armin. Ou. Xinming. March 2, 2020. A First Step Towards Understanding Real-world Attacks on IoT Devices. cs.CR. 2003.01218. en.
3. Book: Simpson. Michael T.. Hands-On Ethical Hacking and Network Defense. Antill. Nicholas. 2016-10-10. Cengage Learning. 978-1-305-48068-1. en.
4. News: Kerner. Sean Michael. November 3, 2016. Rapid7 Finds Certain Cloud Risks With Heisenberg Honeypot. eWEEK. January 16, 2020.
5. Web site: Honeypots as deception solutions: What to look for and how to buy. Strom. David. 2018-05-17. CSO Online. en. 2020-01-16.
6. Web site: SANS calls for admins to secure IoT devices as manufacturers drag feet. 2016-10-05. SC Media. en-US. 2020-01-16.
7. Web site: SANS issues call to arms to battle IoT botnets. Chirgwin. Richard. October 4, 2016. www.theregister.co.uk. en. live. https://web.archive.org/web/20161005194342/http://www.theregister.co.uk/2016/10/04/sans_issues_call_to_arms_to_battle_iot_botnets/ . 2016-10-05 . 2020-01-16.
8. Web site: SANS Institute in IoT Botnet Warning. Muncaster. Phil. 2016-10-04. Infosecurity Magazine. 2020-01-16.
9. Book: Distributed Computing and Internet Technology: 15th International Conference, ICDCIT 2019, Bhubaneswar, India, January 10–13, 2019, Proceedings. Fahrnberger. Günter. Gopinathan. Sapna. Parida. Laxmi. 2019-01-22. Springer. 978-3-030-05366-6. en.
10. Book: Advances in Data Science: Third International Conference on Intelligent Information Technologies, ICIIT 2018, Chennai, India, December 11–14, 2018, Proceedings. Akoglu. Leman. Ferrara. Emilio. Deivamani. Mallayya. Baeza-Yates. Ricardo. Yogesh. Palanisamy. 2018-11-28. Springer. 978-981-13-3582-2. en.
11. Book: Leenen, Dr Louise. ICCWS 2018 13th International Conference on Cyber Warfare and Security. 2018-03-08. Academic Conferences and publishing limited. 978-1-911218-73-9. en.
12. Book: On the Move to Meaningful Internet Systems: OTM 2019 Conferences: Confederated International Conferences: CoopIS, ODBASE, C&TC 2019, Rhodes, Greece, October 21–25, 2019, Proceedings. Panetto. Hervé. Debruyne. Christophe. Hepp. Martin. Lewis. Dave. Ardagna. Claudio Agostino. Meersman. Robert. 2019-10-10. Springer Nature. 978-3-030-33246-4. en.
13. Web site: What is a honeypot? A trap for catching hackers in the act. Fruhlinger. Josh. 2019-04-01. CSO Online. en. 2020-01-16.