Thursday, April 2, 2015

What's in the honeypot? Frequency of SSH Login Attempts based on Country of Origin

Today looking at the logs of the honeypots, I became curious based on the whois of the IP Addresses attempting to login to SSH which country they have come from:


Occurances
Country
511
China
149
Australia
6
Vietnam
4
Russia
3
South Korea
3
Thailand


I noticed that most of the occurrences of failed login attempts are from China, again no attribution to them or any other country listed.

I was curious which of the IP Addresses came from the country of Russia:
31.184.194.115
78.109.142.184
122.225.38.23
195.94.234.86

The only IP with a little history on virustotal.com is 195.94.234.86 but no trace to malicious files have occurred at this time.



No comments:

Post a Comment

Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...