Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Strange validation attempts on DSHIELD project - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Strange validation attempts on DSHIELD project
Hello everyone

I'm one of the guys involved on DSHIELD project of this SANS website.

Today, I was reading the hits from my honeypot and I found the following strange validation attemps:

Password: system\x00

In some cases the bots try to validate with the following usernames:


I look forward to know, what kind of attempts are them... could it be a sheellcode/exploit for some IOT device? or maybe it is a mistake when the validation logs are parsed?

Thanks a lot for your support in advance!

9 Posts

Sign Up for Free or Log In to start participating in the conversation!