Overview
Our feature this week introduces Dr. Ullrich's newest system addition addressing wide spread reports of SSH scans. This system collects logs you submit via a special API URL. We keep receiving reports from readers about wide spread ssh scans. This system was setup to get a better handle on these scans. http://isc.sans.edu/sshreports.html Reporting will be released as soon as there is enough information collected.

Features

• Reports are "POST"ed to https://isc.sans.edu/api/sshreports
• Parameters are userid, authkey, data(tab-delimited log data)
• XML status OK returned on successful submission
  • This only accepts data. Validation and processing are done at a later time

There is currently a PERL script to collect data from the "kippo" honeypot available at https://isc.sans.edu/kipposcript.pl

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu