LebahNET Statistic – September 2015

1. Summary

CyberSecurity Malaysia has established a Honeynet project known as Lebahnet.

Lebahnet is a Honeypot Based Distributed System for detecting and capturing attacks that evades traditional security devices. This project was initiated in 2002.

Lebahnet as a lightweight and passive honeypot; emulate vulnerabilities of operating systems used in an enterprise to alert security administrator on source of attacks.

The project aims to provide valuable supporting information such as network trends and malicious activities for our incident handling and advisory activities currently carried out by MyCERT. Lebahnet also serves as a research network for our analysts to experiment with relevant tools and techniques.

MyCERT has deployed the LebahNET Sensor in several areas in Malaysia.

2. Analysis

The data is collected from LebahNET Sensors from 2015-09-01 to 2015-09-30.

Summary of collected data

Number of Hits: 35294
Total Malwares: 571
Unique Malwares: 47

Targeted Services

Top 10 Threat Origins

Top 10 IPs

# Source IP Total
1 222.186.61.10 (CN) 5032
2 222.186.34.74 (CN) 4711
3 61.147.103.166 (CN) 3688
4 45.35.33.50 (US) 1105
5 80.82.64.134 (NL) 659
6 117.21.176.17 (CN) 650
7 112.5.16.68 (CN) 630
8 58.63.245.217 (CN) 558
9 45.34.1.183 (US) 432
10 89.163.144.80 (DE) 360

Web Attack

Bruteforce Attack

Targeted Services

Top 10 Username

# Username Total
1 sa 9703
2 root 4018
3 admin 1663
4 ubnt 464
5 mysql 158
6 support 150
7 user 124
8 test 119
9 oracle 114
10 DUP root 99

Top 10 Password

# Password Total
1 admin 1247
2 root 615
3 ubnt 375
4 password 260
5 123456 222
6 1 112
7 support 108
8 12345 89
9 00 81
10 1234 78

One thought on “LebahNET Statistic – September 2015

  1. eis says:

    Thank you. This article is full of valuable information. Maybe should follow-up with a list of ways to counter these attacks. Eg. one way is to block visitor IP address range from countries that are not related to your business location.

Leave a Reply