Análisis de ataques y atacantes externos a la infraestructura de datos de la Espoch, mediante la implementación de un honeypot del tipo (T-POT).

Abstract

The current degree work was aimed to analyze the attacks and external attackers of the data infrastructure at Escuela Superior Politécnica de Chimborazo, through the implementation of a T-pot in the server located in the Computer Science and Electronics Faculty. The results were obtained from the Kibana platform, which is deployed when the correct and total installation of the T-pot is ended. The data can be viewed in detail with all the attacks that have been registered since the first day of the system's setting up. The methodology is called network vulnerability analysis. These results include the country of origin of the attack, the type of attack, the IP of origin of the attack, the port used for the attack, and the users and passwords used. It also consists of illustrations to be able to identify the behavior of the T-pot using a Histogram that records the daily interactions with the network, as well as a complete map to identify from where the attack on the network is being carried out. It is concluded that the data collected is reliable since an internal honeypot collected data on attempts to access the network by CEDIA the service provider with attempts to access the network with real credentials used. In this project, it is recommended to take examples of users to know the most frequent registrations given by the NGINX tool, which provides network access attempts through IPs that register their location in Ecuador from companies such as CNT EP, Otecel SA, among other national and international companies.