Hello everyone I'm one of the guys involved on DSHIELD project of this SANS website. Today, I was reading the hits from my honeypot and I found the following strange validation attemps: user:root Password: system\x00 In some cases the bots try to validate with the following usernames: shell\x00 enable\x00 I look forward to know, what kind of attempts are them... could it be a sheellcode/exploit for some IOT device? or maybe it is a mistake when the validation logs are parsed? Thanks a lot for your support in advance! |
ShanHolo 9 Posts |
thread locked Quote Subscribe |
Aug 31st 2017 3 years ago |
Sign Up for Free or Log In to start participating in the conversation!