forked from wedaa/LongTail-Log-Analysis
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index-long.shtml
357 lines (342 loc) · 13.6 KB
/
index-long.shtml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
<HTML>
<BODY bgcolor=#00f0FF>
<link rel="stylesheet" type="text/css" href="/honey/LongTail.css">
<!--#include virtual="/honey/header.html" -->
<H3>LongTail Log Analysis @ <!--#include virtual="/honey/institution.html" -->
/ Historical Data<BR>All SSH Ports, <!--#include virtual="description.html" --></H3>
<P>This page is updated hourly.
Last updated on Wed Aug 12 19:10:02 EDT 2015
<BR>
<BR>
<TABLE border=1>
<TR><TH colspan=6>SSH Brute Force Attempts <a href="index-long-map.shtml">(Map View) </TH></TR>
<TR><TH>Description</TH><TH>Today</TH><TH>Never seen<BR>Before Today</TH><TH>This<BR>Month</TH><TH>This<BR>Year</TH><TH>Since Logging<BR>Started</TH>
<TR><TH>Login Attempts
</TD><TD>
<!--Login Attempts Today:--> 0
</TD><TD> N/A
</TD><TD>
<!--Login Attempts This Month:--> 0
</TD><TD>
<!--Login Attempts This Year:--> 0
</TD><TD>
<!--Login Attempts Since Logging Started:--> 0
</TR>
<TR><TH>SSHPsycho Login Attempts <a href="/honey/notes.shtml#3">[3]</a>
<TD>
<!--SSHPsycho Today:--> 0
</TD><TD> N/A
</TD><TD>
<!--SSHPsycho This Month:--> 0
</TD><TD>
<!--SSHPsycho This Year:--> 0
</TD><TD>
<!--SSHPsycho Since Logging Started:--> 0
</TR>
<TR><TH>SSHPsycho-2 Login Attempts <a href="/honey/notes.shtml#7">[7]</a>
<TD>
<!--SSHPsycho-2 Today:--> 0
</TD><TD> N/A
</TD><TD>
<!--SSHPsycho-2 This Month:--> 0
</TD><TD>
<!--SSHPsycho-2 This Year:--> 0
</TD><TD>
<!--SSHPsycho-2 Since Logging Started:--> 0
</TR>
<TR><TH>Friends of SSHPsycho Login Attempts <a href="/honey/notes.shtml#4">[4]</a>
<TD>
<!--SSHfriendsPsycho Today:--> 0
</TD><TD> N/A
</TD><TD>
<!--SSHfriendsPsycho This Month:--> 0
</TD><TD>
<!--SSHfriendsPsycho This Year:--> 0
</TD><TD>
<!--SSHfriendsPsycho Since Logging Started:--> 0
</TR>
<TR><TH>Associates of SSHPsycho Login Attempts <a href="/honey/notes.shtml#5">[5]</a>
<TD>
<!--SSHassociatesPsycho Today:--> 0
</TD><TD> N/A
</TD><TD>
<!--SSHassociatesPsycho This Month:--> 0
</TD><TD>
<!--SSHassociatesPsycho This Year:--> 0
</TD><TD>
<!--SSHassociatesPsycho Since Logging Started:--> 0
</TR>
<TR><TH>Unique Passwords</TH>
<TD>
<!--Unique Passwords Today:--> 0
</TD><TD>
<!--New Passwords Today:--> 0
</TD><TD>
<!--Unique Passwords This Month:--> 0
</TD><TD>
<!--Unique Passwords This Year:--> 0
</TD><TD>
<!--Unique Passwords Since Logging Started:--> 0
</TD><TD>
</TR>
<TR><TH>Unique Usernames </TH>
<TD>
<!--Unique Usernames Today:--> 0
</TD><TD>
<!--New Usernames Today:--> 0
</TD><TD>
<!--Unique Usernames This Month:--> 0
</TD><TD>
<!--Unique Usernames This Year:--> 0
</TD><TD>
<!--Unique Usernames Since Logging Started:--> 0
</TD><TD>
</TR>
<TR>
<TH>Unique IPs </TH>
<TD>
<!--Unique IPs Today:--> 0
</TD><TD>
<!--New IPs Today:--> 0
</TD><TD>
<!--Unique IPs This Month:--> 0
</TD><TD>
<!--Unique IPs This Year:--> 0
</TD><TD>
<!--Unique IPs Since Logging Started:--> 0
</TD><TD>
</TR>
<TR>
<TH>Active Honeypots </TH>
<TD><A href="/honey/todays_honeypots.shtml">
<!--Number of Honeypots Today:--> 1
</a></TD><TD>
<!--New Honeypots Today:-->
</TD><TD>
<!--Number of Honeypots This Month:--> 1
</TD><TD>
<!--Number of Honeypots This Year:--> 1
</TD><TD>
<!--Number of Honeypots Since Logging Started:--> 1
</TD><TD>
</TR>
</TABLE>
<BR>
<BR>
<H2>SSH Brute Force Attempts</H2>
<TABLE BORDER=0>
<TR><TH colspan=2>Count of Last 30 Days Of Attacks (Bars are clickable)</TH>
<TR><TD Colspan=2><img src="last-30-days-attack-count.png" alt="last-30-days-attack-count.png" usemap="#mapname" ><BR><BR>
<TR><TH>Prior 30 Days</TH><TH>All</TH>
<TR><TD><img src="last-30-days-top-20-root-passwords.png" alt="last-30-days-top-20-root-passwords" usemap=#last-30-days-top-20-root-passwords.map><BR><BR>
<TD><img src="historical-top-20-root-passwords.png" alt="historical-top-20-root-passwords" usemap=#historical-top-20-root-passwords.map><BR><BR>
<TR><TD><img src="last-30-days-top-20-admin-passwords.png" alt="last-30-days-top-20-admin-passwords" usemap=#last-30-days-top-20-admin-passwords.map><BR><BR>
<TD><img src="historical-top-20-admin-passwords.png" alt="historical-top-20-admin-passwords" usemap=#historical-top-20-admin-passwords.map><BR><BR>
<TR><TD><img src="last-30-days-top-20-non-root-accounts.png" alt="last-30-days-top-20-non-root-accounts" usemap=#last-30-days-top-20-non-root-accounts.map><BR><BR>
<TD><img src="historical-top-20-non-root-accounts.png" alt="historical-top-20-non-root-accounts" usemap=#historical-top-20-non-root-accounts.map><BR><BR>
<TR><TD><img src="last-30-days-top-20-non-root-passwords.png" alt="last-30-days-top-20-non-root-passwords" usemap=#last-30-days-top-20-non-root-passwords.map><BR><BR>
<TD><img src="historical-top-20-non-root-passwords.png" alt="historical-top-20-non-root-passwords" usemap=#historical-top-20-non-root-passwords.map><BR><BR>
<TR><TH Colspan=2><a href ="graphics.shtml">More Charts </a></TH></TR>
<TR><TH Colspan=2><a href ="/honey/graphics_all.shtml">All Charts For ALL hosts </a></TH></TR>
</TABLE>
<map name="mapname">
<!--#include virtual="/honey/30_days_imagemap.html" -->
</map>
<map name="current-top-20-root-passwords.map"> <!--#include virtual="/honey/current-top-20-root-passwords.map" --> </map>
<map name="last-7-days-top-20-root-passwords.map"> <!--#include virtual="/honey/last-7-days-top-20-root-passwords.map" --> </map>
<map name="current-top-20-admin-passwords.map"> <!--#include virtual="/honey/current-top-20-admin-passwords.map" --> </map>
<map name="last-7-days-top-20-admin-passwords.map"> <!--#include virtual="/honey/last-7-days-top-20-admin-passwords.map" --> </map>
<map name="current-top-20-non-root-accounts.map"> <!--#include virtual="/honey/current-top-20-non-root-accounts.map" --> </map>
<map name="last-7-days-top-20-non-root-accounts.map"> <!--#include virtual="/honey/last-7-days-top-20-non-root-accounts.map" --> </map>
<map name="current-top-20-non-root-passwords.map"> <!--#include virtual="/honey/current-top-20-non-root-passwords.map" --> </map>
<map name="last-7-days-top-20-non-root-passwords.map"> <!--#include virtual="/honey/last-7-days-top-20-non-root-passwords.map" --> </map>
<map name="last-30-days-top-20-root-passwords.map"> <!--#include virtual="/honey/last-30-days-top-20-root-passwords.map" --> </map>
<map name="historical-top-20-root-passwords.map"> <!--#include virtual="/honey/historical-top-20-root-passwords.map" --> </map>
<map name="last-30-days-top-20-admin-passwords.map"> <!--#include virtual="/honey/last-30-days-top-20-admin-passwords.map" --> </map>
<map name="historical-top-20-admin-passwords.map"> <!--#include virtual="/honey/historical-top-20-admin-passwords.map" --> </map>
<map name="last-30-days-top-20-non-root-accounts.map"> <!--#include virtual="/honey/last-30-days-top-20-non-root-accounts.map" --> </map>
<map name="historical-top-20-non-root-accounts.map"> <!--#include virtual="/honey/historical-top-20-non-root-accounts.map" --> </map>
<map name="last-30-days-top-20-non-root-passwords.map"> <!--#include virtual="/honey/last-30-days-top-20-non-root-passwords.map" --> </map>
<map name="historical-top-20-non-root-passwords.map"> <!--#include virtual="/honey/historical-top-20-non-root-passwords.map" --> </map>
<BR>
<BR>
<H3>Daily Trends</H3>
<a href ="trends-in-root-passwords.shtml">Top 20 "root" Passwords</a>
<BR>
<a href ="trends-in-admin-passwords.shtml">Top 20 "admin" account Passwords</a>
<BR>
<a href ="trends-in-non-root-passwords.shtml">Top Non 20 "root"/"admin" account Passwords</a>
<BR>
<a href ="trends-in-accounts.shtml">Top 20 Accounts</a>
<BR>
<BR>
<H3>Statistics</H3>
<a href ="statistics.shtml">Attack Statistics <!--#include virtual="description.html" --></a>
<BR>
<a href ="/honey/statistics_all.shtml">Attack Statistics Broken Down By Site</a>
<BR><BR>
<a href ="more_statistics.shtml">Attack, Password, IP Address, Account Name Statistics <!--#include virtual="description.html" --> </a>
<BR>
<a href ="/honey/more_statistics_all.shtml">Attack, Password, IP Address, Account Name Statistics Broken Down By Site</a>
<BR>
<BR>
<a href ="attacks_by_day.shtml">Attacks By Day, Calendar View</a>
<BR>
<BR>
<HR>
<H3>Today's Password Activity</H3>
<a href ="todays-uniq-passwords.shtml">Passwords FIRST seen today</a>
<BR>
<BR>
<a href ="current-root-passwords.shtml">"root" Passwords</a> (Restriced Access)
<BR>
<a href ="current-top-20-root-passwords.shtml">Top 20 "root" Passwords</a>
<BR>
<BR>
<a href ="current-admin-passwords.shtml">"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="current-top-20-admin-passwords.shtml">Top 20 "admin" account Passwords</a>
<BR>
<BR>
<a href ="current-non-root-passwords.shtml">Non "root"/"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="current-top-20-non-root-passwords.shtml">Top 20 Non "root"/"admin" account Passwords</a>
<BR>
<BR>
<H3>Today's Username Activity</H3>
<a href ="todays-uniq-username.shtml">Accounts FIRST seen today</a>
<BR>
<BR>
<a href ="current-non-root-accounts.shtml">Accounts Tried</a>
<BR>
<a href ="current-top-20-non-root-accounts.shtml">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="current-non-root-pairs.shtml">Non "root"/"admin" account pairs</a>
<BR>
<a href ="current-top-20-non-root-pairs.shtml">Top 20 Non "root"/"admin" account pairs</a>
<BR>
<BR>
<H3>Today's IP Address Activity</H3>
<a href ="todays-uniq-ips.shtml">IP Addresses FIRST seen today</a>
<BR>
<BR>
<a href="current-ip-addresses.shtml">IP Addresses</a>
<BR>
<a href="current-top-20-ip-addresses.shtml">Top 20 IP Addresses</a>
<BR>
<a href="current-attacks-by-country.shtml">Attacks By Country, By IP Address </a>
<BR>
<BR>
<HR>
<H3>Last 7 Days Password Activity</H3>
<a href ="last-7-days-root-passwords.shtml.gz">"root" Passwords</a> (Restriced Access)
<BR>
<a href ="last-7-days-top-20-root-passwords.shtml">Top 20 "root" Passwords</a>
<BR>
<BR>
<a href ="last-7-days-admin-passwords.shtml">"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="last-7-days-top-20-admin-passwords.shtml">Top 20 "admin" account Passwords</a>
<BR>
<BR>
<a href ="last-7-days-non-root-passwords.shtml">Non "root"/"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="last-7-days-top-20-non-root-passwords.shtml">Top 20 Non "root"/"admin" account Passwords</a>
<BR>
<BR>
<H3>Last 7 Days Username Activity</H3>
<a href ="last-7-days-non-root-accounts.shtml">Accounts Tried</a>
<BR>
<a href ="last-7-days-top-20-non-root-accounts.shtml">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="last-7-days-non-root-pairs.shtml">Non "root"/"admin" account pairs</a> (Restriced Access)
<BR>
<a href ="last-7-days-top-20-non-root-pairs.shtml">Top 20 Non "root"/"admin" account pairs</a>
<BR>
<BR>
<H3>Last 7 Days IP Address Activity</H3>
<a href="last-7-days-ip-addresses.shtml">IP Addresses</a>
<BR>
<a href="last-7-days-top-20-ip-addresses.shtml">Top 20 IP Addresses</a>
<BR>
<a href="last-7-days-attacks-by-country.shtml">Attacks By Country, By IP Address </a>
<BR>
<BR>
<HR>
<H3>Prior 30 Days Password Activity</H3>
<a href ="last-30-days-root-passwords.shtml.gz">"root" Passwords</a> (Restriced Access)
<BR>
<a href ="last-30-days-top-20-root-passwords.shtml">Top 20 "root" Passwords</a>
<BR>
<BR>
<a href ="last-30-days-admin-passwords.shtml">"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="last-30-days-top-20-admin-passwords.shtml">Top 20 "admin" account Passwords</a>
<BR>
<BR>
<a href ="last-30-days-non-root-passwords.shtml">Non "root"/"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="last-30-days-top-20-non-root-passwords.shtml">Top 20 Non "root"/"admin" account Passwords </a>
<BR>
<BR>
<H3>Prior 30 Days Username Activity</H3>
<a href ="last-30-days-non-root-accounts.shtml">Accounts Tried</a>
<BR>
<a href ="last-30-days-top-20-non-root-accounts.shtml">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="last-30-days-non-root-pairs.shtml">Non "root"/"admin" account pairs</a> (Restriced Access)
<BR>
<a href ="last-30-days-top-20-non-root-pairs.shtml">Top 20 Non "root"/"admin" account pairs</a>
<BR>
<BR>
<H3>Prior 30 Days IP Address Activity</H3>
<a href="last-30-days-ip-addresses.shtml">IP Addresses</a>
<BR>
<a href="last-30-days-top-20-ip-addresses.shtml">Top 20 IP Addresses</a>
<BR>
<a href="last-30-days-attacks-by-country.shtml">Attacks By Country, By IP Address </a>
<BR>
<BR>
<HR>
<H3>Historical(ALL) Password Activity </H3>
<a href ="historical-root-passwords.shtml.gz">Historical "root" Passwords</a> (Restriced Access)
<BR>
<a href ="historical-top-20-root-passwords.shtml">Historical Top 20 "root" Passwords</a>
<BR>
<a href ="historical-admin-passwords.shtml">Historical "admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="historical-top-20-admin-passwords.shtml">Historical Top 20 "admin" account Passwords</a>
<BR>
<BR>
<a href ="historical-non-root-passwords.shtml">Historical Non "root"/"admin" account Passwords</a> (Restriced Access)
<BR>
<a href ="historical-top-20-non-root-passwords.shtml">Historical Top 20 Non "root"/"admin" account Passwords</a>
<BR>
<BR>
<H3>Historical(ALL) Account Activity </H3>
<a href ="historical-non-root-accounts.shtml">Historical Accounts Tried</a>
<BR>
<a href ="historical-top-20-non-root-accounts.shtml">Historical Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="historical-non-root-pairs.shtml">Historical Non "root"/"admin" account pairs</a> (Restriced Access)
<BR>
<a href ="historical-top-20-non-root-pairs.shtml">Historical Top 20 Non "root"/"admin" account pairs</a>
<BR>
<BR>
<H3>Historical(ALL) IP Address Activity </H3>
<a href="historical-ip-addresses.shtml">Historical IP Addresses</a>
<BR>
<a href="historical-top-20-ip-addresses.shtml">Historical Top 20 IP Addresses</a>
<BR>
<a href="historical-attacks-by-country.shtml">Historical Attacks By Country, By IP Address </a>
<BR>
<a href="historical-ssh-attacks-by-time-of-day.shtml">Historical Attacks By Time of Day </a>
<BR>
<BR>
<HR>
<a href="historical/">Long Term Historical Reports</A> This includes RAW input data more than 90 days old.
<!--#include virtual="/honey/footer.html" -->