Hackin9

For many reasons,most ISPs are finding that service affecting DDOSes, which were a common occurrence as little as a year ago are rare in the later half of 2015 and so far in 2016. Hopefully the arrest of some alleged members of DD4BCwill also put a damper on the DDOS for ransom fad. That said DDOS is not dead. It appears booters services, DDOS for hire services with intent to be anuisance" />

The large spikes show DDOS attacks, typically aimed at a single IP. As you can seen the traffic is typically a mix of DNS, port 0, with some chargen thrown in. For some reason SSDP, which was a large part of attacks in the recent past, has become a small part of the traffic mix in todays attacks.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

It has been a while, but I finally got around to fixing a bugin my script for putting kippo text logs into a kippo-formatted MySQL database. In this case, it was a bug that caused the sensor column in the sessions table to be NULL instead of the correct value. I just used the updated script to analyze 2.8M login attempts from 2015in one of my kippohoneypots. I first wrote about the script here. Ive also moved some of my tools including this script to github. You can find the latest version here. I think I may have another bug that was reported by a user a while back to fix, Ill try to get to that in the next month. In the meantime, I welcome thoughts and comments by e-mail or in the comments.

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status