Analyzing malicious SSH login attempts

September 12th, 2006 · No Comments

Malicious SSH login attempts have been appearing in some administrators’ logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one’s system against these attacks.

Using honeypots for research
The New Zealand Honeynet Alliance is a research organization and member of the Honeynet Alliance, which is dedicated to improving the security of computer systems and networks by researching the behavior, tactics, and tools of black hat hackers through the use of honeypot technology. Honeypots are computer systems whose value lies in their openness to attack and compromise, allowing the researcher to analyze malicious activity on the system.

We have set up such a system at the Victoria University of Wellington to investigate malicious activity that occurs on a university network in New Zealand. This system was a high interaction honeypot that an attacker can interact with like any other system on the network. As far as the attacker is concerned, there should be no discernible difference between the honeypot and other computer systems. However, it is closely monitored through the Honeynet Alliance Roo honeywall that captures all network traffic flowing to and from the honeypot. In addition, system events are recorded on the honeypot itself via its logging facility. Analyzing malicious SSH login attempts

The Network Security. Org

Analyzing malicious SSH login attempts

September 12th, 2006 · No Comments

From around the Web

Advertisments

Sponsors

Sponsors

Earlier Archives

Web Links