Regular readers of my blog over at http://bsdly.blogspot.com will recognize the term "Hail Mary Cloud", also known as the slow bruteforcers. The online columns (or syndicated versions thereof) may contain references to specific files on this server. However, I urge anybody who is interested in studying the data to either download the complete dataset as a .zip file (approx. 26MB) or use the table below to dive into the files online.
My overview article The Hail Mary Cloud And The Lessons Learned contains some discussion, links to all data as well as to the original (field notes) articles.
A recent ACM Conference on Computer and Communication Security paper, "Detecting stealthy, distributed SSH brute-forcing," penned by Mobin Javed and Vern Paxson, references a large subset of the data and offers some real analysis, including correlation with data from other sites (Spoiler alert: in some waves, almost total overlap of participating machines). One interesting point from the paper is that apparently attacks matching our profile were seen at the Lawrence Berkeley National Laboratory as early as 2005.
The Waves We Saw, 2008 - 2012
Conditions for use of the data: The data collected here (as well as the data available via references in the online columns) can be used freely for analysis and study and may be re-published in such contexts, as long as proper source attribution is used. An example of such attribution is: data collected by Peter N. M. Hansteen (firstname.lastname@example.org). For other use or more extensive assistance, please contact me for specific arrangements.