Netwatch Team: a Volunteer Distributed Attack Monitoring Network

Lars König gave an interesting presentation at the last Chaos Communication Congress. Tired of the incoming flow of attacks on his SSH port, he went on to track and find the attackers, and discovered a large botnet that he could take control of.
As he didn’t simply want to fix the problem for himself, he thought about a way to provide the community with advanced monitoring and defense mechanisms… In this talk, Lars describes his journey from frowning at flooding logs to automating reporting to abuse email addresses – when those exist, and are monitored. Enjoy!

Netwatch Team: a RIPE ATLAS for network threats

He announced https://netwatch.team, a volunteer distributed attack monitoring network, currently providing an SSH AttackPod that monitors and reports botnet attacks on the SSH port.

Since the RIPE ATLAS has similar goals for DNS measurements, I thought this could be interesting for some people here. The source code and daily attack summary data can be found on NetWatch.team · GitHub.