SSH Honeypot statistics 21-04-2013

Page 1

KIPPO-GRAPH

FAST VISUALIZATION FOR YOUR KIPPO SSH HONEYPOT STATS Version: 0.7.4 | Website: bruteforce.gr/kippo-graph

HOMEPAGE

KIPPO-GRAPH

KIPPO-INPUT

KIPPO-GEO

GRAPH GALLERY

Overall honeypot activity Total login attempts

11759

Distinct source IP addresses

56

Active time period Start date (first attack) Tuesday, 09-Apr-2013, 20:22 PM

End date (last attack) Sunday, 21-Apr-2013, 14:40 PM

Graphical statistics generated from your Kippo honeypot database

Top 10 passwords This vertical bar chart diplays the top 10 passwords that attackers try when attacking the system.

Top 10 usernames This vertical bar chart diplays the top 10 usernames that attackers try when attacking the system.

Top 10 user-pass combos This vertical bar chart diplays the top 10 username and password combinations that attackers try when attacking the system.

This pie chart diplays the top 10 username and password combinations that attackers try when attacking the system.

Success ratio This vertical bar chart diplays the overall attack success ratio for the particular honeypot system.

Successes per day/week This vertical bar chart diplays the most successful break-ins per day (Top 20) for the particular honeypot system. The numbers indicate how many times correct credentials were given by attackers.

This line chart diplays the daily successes on the honeypot system. Spikes indicate successful entries over a weekly period. Warning: Dates with zero successes are not displayed.

This line chart diplays the weekly successes on the honeypot system. Curves indicate successful entries over a weekly period.

Connections per IP This vertical bar chart diplays the top 10 unique IPs ordered by the number of overall connections to the system.

This pie chart diplays the top 10 unique IPs ordered by the number of overall connections to the system.

Successful logins from the same IP This vertical bar chart diplays the number of successful logins from the same IP address (Top 20). The numbers indicate how many times the particular source opened a successful session.

Probes per day/week This horizontal bar chart diplays the most probes per day (Top 20) against the honeypot system.

This line chart diplays the daily activity on the honeypot system. Spikes indicate hacking attempts. Warning: Dates with zero probes are not displayed.

This line chart diplays the weekly activity on the honeypot system. Curves indicate hacking attempts over a weekly period.

Top 10 SSH clients This vertical bar chart diplays the top 10 SSH clients used by attackers during their hacking attempts.

Copyright Š 2011, 2012 - All Rights Reserved - Kippo-Graph

Thanks to OS Templates

KIPPO-GRAPH

FAST VISUALIZATION FOR YOUR KIPPO SSH HONEYPOT STATS Version: 0.7.4 | Website: bruteforce.gr/kippo-graph

HOMEPAGE

KIPPO-GRAPH

KIPPO-INPUT

KIPPO-GEO

GRAPH GALLERY

Input presentation and statistics gathered from the honeypot system Overall post-compromise activity Post-compromise human activity Total number of commands 7

Distinct number of commands 4 Downloaded files

Total number of downloads 0

Distinct number of downloads 0

Human activity inside the honeypot The following vertical bar chart visualizes the top 20 busiest days of real human activity, by counting the number of input to the system.

The following line chart visualizes real human activity per day, by counting the number of input to the system for each day of operation. Warning: Dates with zero input are not displayed.

The following line chart visualizes real human activity per week, by counting the number of input to the system for each day of operation.

Top 10 input (overall) The following table diplays the top 10 commands (overall) entered by attackers in the honeypot system. ID

Input

Count

1

exit

3

2

w

2

3

test

1

4

ls

1

This vertical bar chart visualizes the top 10 commands (overall) entered by attackers in the honeypot system.

Top 10 successful input The following table diplays the top 10 successful commands entered by attackers in the honeypot system. ID

Input (success)

Count

1

exit

3

2

w

2

3

ls

1

This vertical bar chart visualizes the top 10 successful commands entered by attackers in the honeypot system.

Top 10 failed input The following table diplays the top 10 failed commands entered by attackers in the honeypot system. ID 1

Input (fail) test

Count 1

This vertical bar chart visualizes the top 10 failed commands entered by attackers in the honeypot system.

Copyright Š 2011, 2012 - All Rights Reserved - Kippo-Graph

Thanks to OS Templates

KIPPO-GRAPH

FAST VISUALIZATION FOR YOUR KIPPO SSH HONEYPOT STATS Version: 0.7.4 | Website: bruteforce.gr/kippo-graph

HOMEPAGE

KIPPO-GRAPH

KIPPO-INPUT

KIPPO-GEO

GRAPH GALLERY

Geolocation information gathered from the top 10 IP addresses probing the system The following table displays the top 10 IP addresses connected to the system (ordered by volume of connections). ID

IP Address

Probes

City

Region

Country Name

Code

Latitude

Longitude

Hostname

1

93.63.201.220

5258

Rome

Latium

Italy

IT

41.900002

12.4833

smtp.sinfarma.it

2

69.28.57.87

4021

Rowland Heights

CA

United States

US

33.978199

-117.903999

69.28.57.87

3

202.102.111.179

383

Nanjing

Jiangsu

China

CN

32.061699

118.777802

202.102.111.179

4

218.237.65.47

284

Seocho

Seoul

Korea, Republic of

KR

37.490601

127.019997

218.237.65.47

5

58.225.75.228

262

Seoul

Seoul

Korea, Republic of

KR

37.598499

126.978302

58.225.75.228

6

79.172.10.78

257

Yekaterinburg

Sverdlovsk

Russian Federation

RU

56.851898

60.612202

79.172.10.78.ural.ru

7

220.161.148.178

218

Putian

Fujian

China

CN

24.987801

118.498299

220.161.148.178

8

121.254.224.145

96

Seoul

Seoul

Korea, Republic of

KR

37.598499

126.978302

121.254.224.145

9

176.99.6.220

90

Russian Federation

RU

60

100

1056.globatel.ru

10

61.236.64.56

81

China

CN

39.928902

116.388298

61.236.64.56

Beijing

Beijing

The following vertical bar chart visualizes the top 10 IPs ordered by the number of connections to the system. Notice the two-letter country code to after each IP get a quick view of the locations where the attacks are coming from.

Lookup

The following pie chart visualizes the top 10 IPs ordered by the number of connections to the system. Notice the two-letter country code to after each IP get a quick view of the locations where the attacks are coming from.

The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.

Imagery Š2013 NASA

The following Intensity Map shows the volume of attacks per country by summarising probes originating from the same nation, using the same IP or not.

347

5258

The following pie chart visualizes the volume of attacks per country by summarising probes originating from the same nation, using the same IP or not.

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.