Regarding the swearing... there isn't much of it in my honeypots, but the statistics are interesting... looking only at the honeypots emulating SSH, here are two installations that I shut down some time ago and whose logs I still need to go through:
Code:
Instance 8d434dd3e91266fcf66a18d93510fbff
Unique values (41092 connections):
- usernames 11697
- passwords 16866
- sources 248
# SSH client versions Count
--------------------------------------------------------------
1 SSH-2.0-libssh-0.1 39979
2 SSH-2.0-libssh2_1.0 439
3 SSH-2.0-libssh-0.11 328
4 SSH-2.0-libssh-0.2 133
5 SSH-2.0-PuTTY_Release_0.60 83
6 SSH-2.0-WinSCP_release_4.2.9 5
7 SSH-2.0-WinSCP_release_4.2.7 4
8 SSH-2.0-PuTTY_Release_0.58 3
9 SSH-2.0-dropbear_0.52 3
10 SSH-2.0-OpenSSH_3.9p1 1
11 SSH-2.0-PuTTY_Snapshot_2010_12_13:r9028 1
12 SSH-2.0-PuTTY_Snapshot_2010_04_01:r8911 1
# Top 10 usernames Count
--------------------------------------------------------------
1 root 9544
2 admin 633
3 test 600
4 oracle 349
5 user 259
6 nagios 237
7 guest 209
8 postgres 176
9 123456 148
10 mysql 140
# Top 10 passwords Count
--------------------------------------------------------------
1 123456 704
2 password 317
3 mirceasb11gre 310
4 1234 254
5 root 248
6 test 232
7 123 152
8 admin 146
9 12345 146
10 test123 139
# Top 10 'user / pass' combos Count
--------------------------------------------------------------
1 root / 123456 218
2 root / root 103
3 root / password 92
4 test / test 86
5 oracle / oracle 82
6 root / 111111 75
7 root / root123 68
8 root / redhat 67
9 mysql / mysql 67
10 postgres / postgres 65
# Top 10 offenders Count
--------------------------------------------------------------
1 202.117.3.30 6225
2 200.29.111.86 5277
3 59.50.36.46 4746
4 87.228.63.187 1874
5 200.201.180.130 1777
6 200.21.232.166 1690
7 46.17.100.91 1533
8 209.20.76.128 903
9 200.74.154.239 861
10 66.52.29.34 628
Code:
Instance c87ba85aa0bad59fc4a073f22ec5c037
Unique values (16983 connections):
- usernames 4146
- passwords 4565
- sources 131
# SSH client versions Count
--------------------------------------------------------------
1 SSH-2.0-libssh-0.1 16237
2 SSH-2.0-libssh-0.2 394
3 SSH-2.0-libssh-0.11 230
4 SSH-2.0-dropbear_0.49 27
# Top 10 usernames Count
--------------------------------------------------------------
1 root 496
2 test 75
3 123456 74
4 admin 49
5 password 41
6 oracle 38
7 test123 35
8 1234 31
9 123 31
10 info 30
# Top 10 passwords Count
--------------------------------------------------------------
1 123456 281
2 password 262
3 1234 254
4 12345 244
5 123 240
6 189
7 1 75
8 111111 35
9 nobody 30
10 news 25
# Top 10 'user / pass' combos Count
--------------------------------------------------------------
1 root / 189
2 root / 123456 14
3 root / root 13
4 root / asdfgh 7
5 oracle / oracle 7
6 root / password 7
7 root / root123 6
8 admin / admin 6
9 postfix / postfix 5
10 ftpuser / ftpuser 5
# Top 10 offenders Count
--------------------------------------------------------------
1 61.155.5.247 4151
2 125.89.71.52 3563
3 200.45.103.248 2134
4 82.133.117.199 861
5 79.188.11.122 861
6 84.124.101.200 507
7 121.180.16.51 458
8 79.133.193.130 394
9 94.102.9.216 291
10 200.21.232.166 226
Interesting statistics, especially when you look at the number of login attempts vs. the number of unique IP addresses...
BTW, my honeypots usually run for 1-2 months before they are shut down... and then I open new ones on different IPs, in a different network and with a different configuration.
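
The ratio the post points at (login attempts vs. unique source addresses) can be computed directly from a report in this format. The following is an added example, not part of the original post or the honeypot's own tooling: it parses the first report's header and offenders table (counts as posted, source addresses replaced with RFC 5737 documentation addresses) and returns the mean attempts per source and the share of connections covered by the listed sources; the function names are assumptions.

```python
import re

# Excerpt of the first report: counts as posted, addresses swapped for 192.0.2.x.
REPORT = """\
Instance 8d434dd3e91266fcf66a18d93510fbff
Unique values (41092 connections):
- usernames 11697
- passwords 16866
- sources 248
# Top 10 offenders Count
--------------------------------------------------------------
1 192.0.2.1 6225
2 192.0.2.2 5277
3 192.0.2.3 4746
4 192.0.2.4 1874
5 192.0.2.5 1777
6 192.0.2.6 1690
7 192.0.2.7 1533
8 192.0.2.8 903
9 192.0.2.9 861
10 192.0.2.10 628
"""

def parse_report(text):
    """Return (totals, tables): header counters and {section title: [(value, count)]}."""
    totals, tables, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Unique values \((\d+) connections\)", line):
            totals["connections"] = int(m.group(1))
        elif m := re.match(r"- (\w+) (\d+)$", line):
            totals[m.group(1)] = int(m.group(2))
        elif m := re.match(r"# (.+?) Count$", line):
            section = tables.setdefault(m.group(1), [])
        elif section is not None and re.match(r"\d+( .*)? \d+$", line):
            _rank, *value, count = line.split()
            # An empty value (e.g. a blank password) leaves only rank and count.
            section.append((" ".join(value), int(count)))
    return totals, tables

def concentration(text, table="Top 10 offenders"):
    """Mean attempts per source and the share of all connections in `table`."""
    totals, tables = parse_report(text)
    listed = sum(count for _value, count in tables[table])
    return totals["connections"] / totals["sources"], listed / totals["connections"]

if __name__ == "__main__":
    mean, share = concentration(REPORT)
    print(f"{mean:.1f} attempts per source; top 10 sources = {share:.1%} of connections")
```

For this instance it gives about 165.7 attempts per source, with the ten listed sources accounting for roughly 62% of all connections.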