I've built a simple telnet honeypot that emulated some embedded device.
I also got thousands of samples. I think it was mostly different strains of Mirai.
I learned some things about how bots fingerprint the honeypots, and patched it accordingly so that they do not identify my service as a honeypot.
The funny thing about this was that my ISP sent me a letter (by post o.0),
that I run a vulnerable service on my network.
The honeypot had a "MOD" from an old nuclear power plant, and did some random tarpit and randomly let random user/password combinations log in.
It was a fun experiment.