A TFTP honeypot running on a VPS and a home server collected 20-50 packets daily, revealing mostly scheduled scans from infosec firms. The results highlight the interest and activity from companies like Shodan and Censys in TFTP traffic, indicating ongoing reconnaissance efforts in network environments.
A TFTP honeypot was deployed on a $5 monthly VPS and intermittently on a Dell R530 home server.
The honeypot recorded between 20 to 50 packets per day over a month, mainly comprised of TFTP format traffic.
Most captured traffic resulted from scans conducted by seven infosec companies, indicating their regular activity in probing TFTP services.
Attempts varied from bad filename errors to access violations, with notable requests for files like 'a.pdf' and other random combinations.
The IP addresses conducting these scans were primarily registered to the associated infosec companies, with some variations in usage between their own addresses and services like Digital Ocean.
A detailed analysis using WHOIS data and CIDR checks helped confirm the originating organizations of the requests.
The results from the TFTP honeypot reveal a systematic approach by security companies to monitor TFTP traffic, potentially for vulnerability assessments.
Understanding the patterns of such network scans provides insights into security practices and potential threats in the tech environment.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
A TFTP honeypot running on a VPS and a home server collected 20-50 packets daily, revealing mostly scheduled scans from infosec firms. The results highlight the interest and activity from companies like Shodan and Censys in TFTP traffic, indicating ongoing reconnaissance efforts in network environments.