
SANS ISC: LongTail at Marist shows sshPsycho causes 80% of SSH Brute Force attacks - SANS Internet Storm Center SANS ISC InfoSec Forums


LongTail at Marist shows sshPsycho causes 80% of SSH Brute Force attacks
There's a new ssh brute force analyzer running at http://longtail.it.marist.edu .

In addition to the standard "What passwords were tried", LongTail also analyzes and compares "Attack Patterns". With over 5 million login attempts recorded so far, and over 20 thousand "Attack Patterns" recorded and analyzed, LongTail shows that Cisco and Level 3's recent announcement about blocking sshPsycho's 4 class C IP ranges (also known as "Group 93" and the "Hee Thai Campaign") has done nothing to stop their brutal attacks. LongTail is able to show that SshPsycho has control and strong influence over more hosts than are covered by Cisco's announcement.

The LongTail ssh honeypot, reporting code and webpages are currently available in BETA release for download as well (See the Download tab at the website for where to go).
EricWedaa
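
An added example, not part of the original post and not LongTail's code: one way to compare "attack patterns" across honeypot sources and flag hosts outside an already-blocked range that replay the same credential sequence. It assumes a pattern is the ordered list of username/password attempts per source IP; the log format, the sample records and the `KNOWN_RANGES` value are constructed for illustration.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Constructed sample honeypot records: "epoch src_ip username password".
# The format and all addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
1430000001 192.0.2.10 root admin
1430000002 192.0.2.10 root 123456
1430000003 192.0.2.10 admin admin
1430000004 203.0.113.7 root admin
1430000005 203.0.113.7 root 123456
1430000006 203.0.113.7 admin admin
1430000007 198.51.100.20 pi raspberry
1430000008 198.51.100.20 ubnt ubnt
1430000009 192.0.2.44 root admin
1430000010 192.0.2.44 root 123456
1430000011 192.0.2.44 admin admin
"""

# Stand-in for an already-blocked actor range (assumption, not real data).
KNOWN_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

def attack_patterns(log_text):
    """Map each source IP to a digest of its ordered credential attempts."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip malformed records (including empty passwords)
        ts, ip, user, password = parts
        attempts[ip].append((int(ts), user, password))
    patterns = {}
    for ip, rows in attempts.items():
        rows.sort()  # order attempts by timestamp
        blob = "\n".join(f"{u}\x00{p}" for _, u, p in rows)
        patterns[ip] = hashlib.sha256(blob.encode()).hexdigest()
    return patterns

def related_outside_hosts(patterns, known_ranges):
    """Return IPs outside known_ranges whose pattern matches a host inside them."""
    def inside(ip):
        return any(ipaddress.ip_address(ip) in net for net in known_ranges)
    known_digests = {d for ip, d in patterns.items() if inside(ip)}
    return sorted(ip for ip, d in patterns.items()
                  if d in known_digests and not inside(ip))

if __name__ == "__main__":
    print(related_outside_hosts(attack_patterns(SAMPLE_LOG), KNOWN_RANGES))
```

An exact-digest match only catches identical sequences; a source that reorders or truncates the list needs a similarity measure over the attempt sets instead.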
