Domain Name Used as Password Captured by DShield Sensor, (Sun, Oct 15th)

This post was originally published on this site

While reviewing my DShield honeypot logs, I noticed for the first time something strange in my list of Top Username & Password where several domain name were use as password. Initially, I was under the impression this might be a parsing error by Logstash and decided to review the raw logs to make sure it was parsed correctly to confirm data integrity. Since username and passwords isn't something submitted to DShield, I reviewed my own raw logs to confirm the data was accurate and reviewed the capture rate of username/password combination for the past few weeks:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.