There's a new ssh brute force analyzer running at http://longtail.it.marist.edu .
In addition to the standard "What passwords were tried", LongTail also analyzes and compares "Attack Patterns". With over 5 million login attempts recorded so far, and over 20 thousand "Attack Patterns" recorded and analyzed, LongTail shows that Cisco and Level 3's recent announcment about blocking sshPsycho's 4 class C IP ranges (also known as "Group 93" and the "Hee Thai Campaign") has done nothing to stop their brutal attacks. LongTail is able to show that SshPsycho has control and strong influence over more hosts than are covered by Cisco's announcement.
The LongTail ssh honeypot, reporting code and webpages are currently available in BETA release for download as well (See the Download tab at the website for where to go).
May 11th 2015
4 years ago