being deployed against SSH honeypots – implications and英文资料.pdfVIP

Edith Cowan University Research Online Australian Digital Forensics Conference Conferences, Symposia and Campus Events 2014 Finding evidence of wordlists being deployed against SSH honeypots – implications and impacts Priya R abadia Edith Cowan University, praba ia@.au Craig Valli Edith Cowan University, c.valli@.au 10.4225/75/57b3e7d5fb882 Originally published in the Procee ings of the 12th Australian Digital Forensics Conference. Held on the 1-3 December, 2014 at E ith Cowan University, Joon alup Campus, Perth, Western Australia. This Conference Procee ing is posted at Research Online. .au/a f/141 FINDING EVIDENCE OF WORDLISTS BEING DEPLOYED AGAINST SSH HONEYPOTS – IMPLICATIONS AND IMPACTS Priya Rabadia and Craig Valli Edith Cowan University, Security Research Institute, Perth, Australia prabadia@.au, c.valli@.au Abstract This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots are have the same configuration settings and are located on the same IPv4 /24 subnet work space, there is a variation between the numbers of activities recorded on each honeypots. Automated password guessing using wordlists is one technique employed by cyber criminals in attempts to gain access to devices