Category Archives: Honeypot

Part 1: Running a Tor exit node – Install/Setup exit node

In this blog post series, I will be covering how to set up a Tor exit node for security research. The educational goals of this series are to learn more about network security monitoring, logging, and enrichment to create a threat intelligence pipeline. My exit node will collect data that will be ingested and returned to the community as intelligence.


Cowrie Honeypot Install and Setup


Kippo is typically the go-to application for information security researchers looking to set up an SSH honeypot. Likewise, the Cowrie honeypot is forked from the Kippo project. I personally believe that Cowrie is better than Kippo and has fixed some common issues within Kippo. Below I go through a simple installation of Cowrie on Ubuntu 14.04. Within the coming posts I will show some of the common ways attackers detect a Cowrie/Kippo instance, and its shortcomings. Please keep in mind that I mean no disrespect to the developers of the Kippo honeypot! They have provided the most used honeypot on the internet today and have truly done a remarkable job.
