I thought I would share a few metrics from Splunk and OpenDNS. I’ve been logging various things to Splunk for a while now, and one of the more interesting feeds is the record of SSH login attempts against my Kippo SSH honeypot.

[Figure: Top 10 userid and password combinations]


[Figure: Top 10 passwords]

“123456” is the most attempted password, which is no surprise given that it is also the most popular password in use today.
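As an added example (not code from the original post), here is a small Python script that reproduces the two tables above directly from raw Kippo log lines instead of a Splunk search. It parses the `login attempt [user/password] failed|succeeded` lines that kippo.log emits, then counts the top credential pairs, top passwords and top source IPs, and pulls out any logins the honeypot accepted. The log lines are constructed sample data, and the exact line prefix (`SSHService ssh-userauth on HoneyPotTransport,<session>,<ip>`) is assumed from Kippo's default twisted logging; adjust the regex if your version writes something different.

```python
import re
from collections import Counter

# Kippo logs one line per authentication attempt through twisted's logger.
# The prefix format (SSHService ssh-userauth on HoneyPotTransport,<session>,<ip>)
# is assumed from Kippo's default log output; adjust if your build differs.
# The password group is greedy and anchored on "] failed|succeeded" at end of
# line, so passwords containing "/" or "]" are captured correctly; a username
# containing "/" would be split at its first slash.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) "
    r"\[SSHService ssh-userauth on HoneyPotTransport,\d+,(?P<ip>[^\]]+)\] "
    r"login attempt \[(?P<user>[^/]*)/(?P<password>.*)\] (?P<result>failed|succeeded)$"
)

# Constructed sample data, not lines from a real honeypot (RFC 5737 test addresses).
SAMPLE_LOG = """\
2014-03-12 14:33:00+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [root/123456] failed
2014-03-12 14:33:02+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [root/123456] failed
2014-03-12 14:33:04+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2014-03-12 14:33:05+0000 [HoneyPotTransport,2,198.51.100.7] connection lost
2014-03-12 14:33:06+0000 [SSHService ssh-userauth on HoneyPotTransport,3,192.0.2.10] login attempt [root/password] failed
2014-03-12 14:33:08+0000 [SSHService ssh-userauth on HoneyPotTransport,3,192.0.2.10] login attempt [root/123456] failed
2014-03-12 14:33:09+0000 [SSHService ssh-userauth on HoneyPotTransport,4,203.0.113.5] login attempt [user/123456] failed
2014-03-12 14:33:11+0000 [SSHService ssh-userauth on HoneyPotTransport,4,203.0.113.5] login attempt [root/toor] succeeded
2014-03-12 14:33:12+0000 [SSHService ssh-userauth on HoneyPotTransport,5,198.51.100.7] login attempt [admin/admin] failed
2014-03-12 14:33:13+0000 [SSHService ssh-userauth on HoneyPotTransport,5,198.51.100.7] login attempt [admin/a/b]c] failed
"""


def parse_attempts(lines):
    """Return one dict (ts, ip, user, password, result) per login attempt line.

    Session, command and other non-auth lines do not match and are skipped.
    """
    attempts = []
    for line in lines:
        m = LOGIN_RE.match(line.rstrip("\r\n"))
        if m:
            attempts.append(m.groupdict())
    return attempts


def top_credentials(attempts, n=10):
    """Top-n (user, password) pairs, as in the first table above."""
    return Counter((a["user"], a["password"]) for a in attempts).most_common(n)


def top_passwords(attempts, n=10):
    """Top-n passwords regardless of username, as in the second table above."""
    return Counter(a["password"] for a in attempts).most_common(n)


def top_sources(attempts, n=10):
    """Top-n source IPs by number of attempts; useful for blocklists."""
    return Counter(a["ip"] for a in attempts).most_common(n)


def successful_logins(attempts):
    """Credentials Kippo accepted; these sessions are the ones worth replaying."""
    return [(a["ip"], a["user"], a["password"])
            for a in attempts if a["result"] == "succeeded"]


def report(attempts, n=10):
    """Print the same summaries a Splunk dashboard would show."""
    print(f"{len(attempts)} login attempts parsed")
    print("\nTop userid/password combinations:")
    for (user, pw), count in top_credentials(attempts, n):
        print(f"  {count:5d}  {user}/{pw}")
    print("\nTop passwords:")
    for pw, count in top_passwords(attempts, n):
        print(f"  {count:5d}  {pw}")
    print("\nTop source IPs:")
    for ip, count in top_sources(attempts, n):
        print(f"  {count:5d}  {ip}")
    print("\nAccepted logins:")
    for ip, user, pw in successful_logins(attempts):
        print(f"  {ip} as {user}/{pw}")


if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with open("kippo.log") to run on real data.
    report(parse_attempts(SAMPLE_LOG.splitlines()))
```

The Splunk equivalent, assuming the honeypot log is indexed under a hypothetical `kippo` index, is a `rex` extraction followed by `top`: `index=kippo "login attempt" | rex "login attempt \[(?<user>[^/]+)/(?<pass>[^\]]+)\]" | top limit=10 user pass` for the first table and `| top limit=10 pass` for the second. Note that this simpler Splunk regex stops the password at the first `]`, so it will truncate the odd password that contains one; the Python version above anchors on the trailing result word to avoid that.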

I have also been using OpenDNS Umbrella to capture all of my DNS activity. One of the more interesting aspects is the set of DNS lookups performed by my mail filter, since I operate my own mail server. Given how much spam gets thrown at it, it is striking how many of those lookups are for domains that OpenDNS labels as malware.

[Figure: Top domains labeled as malware by OpenDNS]

I intend to perform some more in depth studies of the data I am collecting which should prove to be very interesting.