Strange validation attempts on DSHIELD project
Hello everyone

I'm one of the guys involved on DSHIELD project of this SANS website.

Today, I was reading the hits from my honeypot and I found the following strange validation attemps:

user:root
Password: system\x00

In some cases the bots try to validate with the following usernames:

shell\x00
enable\x00

I look forward to know, what kind of attempts are them... could it be a sheellcode/exploit for some IOT device? or maybe it is a mistake when the validation logs are parsed?

Thanks a lot for your support in advance!
ShanHolo

9 Posts

Sign Up for Free or Log In to start participating in the conversation!