diff --git a/cowrie/wardenfiler.py b/cowrie/wardenfiler.py
index 9adb65dc26bdd1311ab65938e763fb05958bdbea..d8e0d1b3c86fc6d541698958438ded6f5c0df4d4 100644
--- a/cowrie/wardenfiler.py
+++ b/cowrie/wardenfiler.py
@@ -19,6 +19,7 @@ from datetime import datetime
 from uuid import uuid4
 from hashlib import sha1
 from base64 import b64encode
+from ipaddress import ip_address
 from ipaddress import IPv4Network
 from ipaddress import IPv6Network
 from cowrie.core.config import CowrieConfig
@@ -174,7 +175,12 @@ class Output(cowrie.core.output.Output):
 if entry.get("dst_port") and self.reported_ssh_port:
 entry["dst_port"] = self.reported_ssh_port
 
- if entry["eventid"] == 'cowrie.session.connect':
+ if entry["eventid"] == 'cowrie.session.connect':
+ # Do not track a session for a source
+ # which is not globally routable
+ if not ip_address(entry["src_ip"]).is_global:
+ return()
+
 if self.resolve_nat:
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((self.nat_host, self.nat_port))
diff --git a/dionaea/log_wardenfiler.py b/dionaea/log_wardenfiler.py
index a65e904f95cf409c517a6ef2202d97f3387b2e93..709559e2da7f2569f229089e889530630ce60f4d 100644
--- a/dionaea/log_wardenfiler.py
+++ b/dionaea/log_wardenfiler.py
@@ -21,6 +21,7 @@ from datetime import datetime
 from uuid import uuid4
 from hashlib import sha1
 from base64 import b64encode
+from ipaddress import ip_address
 from ipaddress import IPv4Network
 from ipaddress import IPv6Network
 
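Review bot: `ip_address(entry["src_ip"])` on the new `cowrie.session.connect` branch raises `ValueError` if `src_ip` is not a parseable address, and `return()` returns an empty tuple where a bare `return` is meant; the same pattern appears in the dionaea/log_wardenfiler.py hunk with `s["src_ip"]`. A second caveat: on a dual-stack listener the peer can be reported as an IPv4-mapped IPv6 address (`::ffff:a.b.c.d`), and on Python versions before 3.13 `is_global` is False for the whole `::ffff:0:0/96` range, so sessions from routable IPv4 sources would be silently dropped instead of reported. Consider unwrapping before the check: `src = ip_address(entry["src_ip"])` / `src = getattr(src, "ipv4_mapped", None) or src` / `if not src.is_global: return`. Whether `src_ip` can actually be malformed or v4-mapped here is not visible in the hunk, and the enclosing method starts and ends outside it.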
@@ -438,7 +439,13 @@ class LogWardenfilerHandler(ihandler):
 if con in self.sessions:
 s = self.sessions[con]
- if s.get("cmds"):
+
+ # Do not generate IDEA event for a source
+ # which is not globally routable
+ if not ip_address(s["src_ip"]).is_global:
+ logger.info("not generating an event for connection from non-global IP %s:%s" % (con.remote.host, con.remote.port))
+
+ elif s.get("cmds"):
 event = self._make_idea(con)
 self._save_event(event)
 logger.info("sending connection event from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))