Tawnos
2[H]4U
- Joined
- Sep 9, 2001
- Messages
- 3,808
So, I've had a ton of login attempts tonight:
IP resolves to Moscow. Probably a botnet, but I've had very few attempts since changing the port from standard.
I'd like to log the attempts used by such bots or skiddies. My system is set up to only accept certificates, generated and transported by sneakernet. So there's no chance of mistakenly typing my own password (also randomly generated) and logging it.
Any ideas? I could docker or Hyper-V any linux image needed (I have my Kali instance on hyper-v at the moment, using iSCSI to my Synology NAS), but I hope there's someone out there who's tried to do something similar. Sure, I can mirror a port to capture the traffic, but I'm also looking to keep the plaintext username: password attempts, especially if there are nonstandard bytes in there. May be useful for spotting new exploit attempts too, perhaps.
IP resolves to Moscow. Probably a botnet, but I've had very few attempts since changing the port from standard.
I'd like to log the attempts used by such bots or skiddies. My system is set up to only accept certificates, generated and transported by sneakernet. So there's no chance of mistakenly typing my own password (also randomly generated) and logging it.
Any ideas? I could docker or Hyper-V any linux image needed (I have my Kali instance on hyper-v at the moment, using iSCSI to my Synology NAS), but I hope there's someone out there who's tried to do something similar. Sure, I can mirror a port to capture the traffic, but I'm also looking to keep the plaintext username: password attempts, especially if there are nonstandard bytes in there. May be useful for spotting new exploit attempts too, perhaps.