LongTail: FOSS ssh Honeypot and Analytics Software
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
2016,
SHARE in San Antonio 2016
LongTail is both a honeypot and a set of programs that analyze ssh brute force login attempts. This presentation will show just how hard the hackers are trying to break into our systems; and show some of the methods they are using to get account names and passwords to try.
LongTail performs not only the standard what passwords are being tried; but also analyzes them based on accounts tried. Where LongTail goes that nobody else currently does; is that it groups them into attack patterns; and then provably groups attacking IP addresses into botnets that are controlled by a single person or group of people.
This talk contains light technical details on how this is done so it can be followed by non-technical staff; but is technical enough that the results can be reproduced by technical staff.
LongTail is Free and Open Source Software (FOSS). The LongTail website is currently live; with live repoting; at http://longtail.it.marist.edu-Eric Wedaa-Marist College
Back to Proceedings File Library