← All stories
● Covered by 1 source Β· 1 reportMedium impact

TFTP Honey Pot Captures Traffic from Infosec Companies

Aggregated by BrevFeed security Β· updated 3h ago
πŸ”– Save

A TFTP honeypot running on a VPS and a home server collected 20-50 packets daily, revealing mostly scheduled scans from infosec firms. The results highlight the interest and activity from companies like Shodan and Censys in TFTP traffic, indicating ongoing reconnaissance efforts in network environments.

Key points

Overview of the Honey Pot Experiment

A TFTP honeypot was deployed on a $5 monthly VPS and intermittently on a Dell R530 home server.

The honeypot recorded between 20 to 50 packets per day over a month, mainly comprised of TFTP format traffic.

Traffic Analysis

Most captured traffic resulted from scans conducted by seven infosec companies, indicating their regular activity in probing TFTP services.

Attempts varied from bad filename errors to access violations, with notable requests for files like 'a.pdf' and other random combinations.

Identifying the Sources

The IP addresses conducting these scans were primarily registered to the associated infosec companies, with some variations in usage between their own addresses and services like Digital Ocean.

A detailed analysis using WHOIS data and CIDR checks helped confirm the originating organizations of the requests.

Significance of Findings

The results from the TFTP honeypot reveal a systematic approach by security companies to monitor TFTP traffic, potentially for vulnerability assessments.

Understanding the patterns of such network scans provides insights into security practices and potential threats in the tech environment.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub jrlevine/grepcidr3 GitHub robertdavidgraham/masscan

Reporting from

A TFTP honeypot running on a VPS and a home server collected 20-50 packets daily, revealing mostly scheduled scans from infosec firms. The results highlight the interest and activity from companies like Shodan and Censys in TFTP traffic, indicating ongoing reconnaissance efforts in network environments.