LongTail SSH Attack Analysis - Eric Wedaa Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

LongTail SSH Attack Analysis
Eric Wedaa
Derbycon 2015

LongTail is both a honeypot and a set of programs that analyze SSH brute-force login attempts. It performs not only the standard analysis of which passwords are being tried, but also analyzes them based on the accounts tried. Where LongTail goes beyond what anyone else currently does is that it groups them into attack patterns, and then provably groups attacking IP addresses into botnets that are controlled by a single person or group of people. This talk contains light technical details on how this is done so it can be followed by non-technical staff, but is technical enough that the results can be reproduced by technical staff.

Eric Wedaa has been involved with Unix system administration since 1987, and while not currently a security officer by title, he has been actively involved with Unix security since 1992 and has recently released LongTail Log Analysis, an SSH brute-force attack analysis tool. This is the first publicly released tool that not only does a basic analysis of SSH login attempts, but also can group them into botnets based on similar attack patterns.

Copyright 2020, IronGeek