Earl, You'd have to have sebek on the host that was initiating the ssh connection (the attacker). On the victim host you wont see keystrokes since the password is crypted after the initial SSHd session setup is completed.
Arthur is correct, you'll have to modify the SSHd daemon to printf(1) the password attempts. (I did it years ago, its not hard). -- patrick On 11/27/07, Earl <[EMAIL PROTECTED]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Will sebek really give you those [inbound] failed passwords? I > thought that traffic was still at the network level which I don't > believe sebek is aware of. > > > Earl > > On Tue, 27 Nov 2007 13:45:44 +0000 Robert Mcmillen > <[EMAIL PROTECTED]> wrote: > >Jason, > > Just out of curiosity, are you using a honeywall built from > >one > >of our releases or is this a custom job? If you are using a > >released > >honeywall, what version? > > > >Rob > > > >P.S. I would say the best bet would be sebek, but there has not > >been > >new development there in a long time. You a programmer? > > > > > >On Nov 27, 2007, at 12:58 AM, Jason Wong wrote: > > > >> Dear Earl & Bhasin, > >> > >> Thanks for your answers. > >> > >> Actually, my honeywall gateway works well as it let traffic pass > > > >> through itself. > >> There are many logs on SSH brute force password attacks. > >> Also, I can use public computers to access web applications on > >my > >> honeypot. > >> > >> The type of attacks that I am trying to attract is web > >applications > >> attacks. > >> > >> I have setup several web applications such phpBB, wordpress > >blog... > >> I hope to attract attacks that are targeted on these > >application. > >> > >> > >> > >> Regards, > >> > >> Jason > >> _______________________________________________ > >> Honeywall mailing list > >> [email protected] > >> https://public.honeynet.org/mailman/listinfo/honeywall > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Charset: UTF8 > Version: Hush 2.5 > > wkYEARECAAYFAkdMQPQACgkQk7+e+4lPSm2m8QCgsMPgFTa4gso7rUp9sgs09RtmD6YA > nRzEBoTzqoZwpzdIVkajFIPhk9FW > =Eeyc > -----END PGP SIGNATURE----- > > > _______________________________________________ > Honeywall mailing list > [email protected] > https://public.honeynet.org/mailman/listinfo/honeywall >
_______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
