Patterns and Patter - An Investigation into SSH Activity Using Kippo Honeypots

Authors

Craig Valli, Edith Cowan UniversityFollow
Priya Rabadia, Edith Cowan UniversityFollow
Andrew Woodward, Edith Cowan UniversityFollow

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

This is an investigation of the activity detected on three honeypots that utilise the Kippo SSH honeypot system on VPS servers all on the same C class address. The systems ran on identical software bases and hardware configurations. The results are over the period 21st March 2013 until Tuesday 04 June 2013. The initial analysis covered in this paper examines behaviours and patterns detected of the attacking entities. The attack patterns were not consistent and there was large disparity in numbers and magnitude of attacks on all hosts. Some of these issues are explored in the paper.

Comments

11th Australian Digital Forensics Conference. Held on the 2nd-4th December, 2013 at Edith Cowan University, Perth, Western Australia

DOI

10.4225/75/57b3dbc8fb877