Adding A Custom GeoIP Field to Filebeat And ElasticSearch

As part of my project to create a Kibana dashboard to visualize my external threats, I decided I wanted a map view of where the IP addresses were coming from with geoip data. By default, Filebeat installs several dashboards that I used as inspiration, and saw what could be done, so I set out to imitate them.


Your Home Network Is Under Attack 5000 Times A Day.

We’re always told that the internet is a very dangerous place, but that is a very abstract threat. I have often found myself in a position where I tell people that the internet is dangerous, but I have no real data to back this up.

Therefore, my latest project was a deep dive into trying to figure out, for myself, how likely I was to get attacked if I had a server open to the internet. I know that it’s not a matter of ‘if’, but of ‘when’, but I wanted to quantify the ‘when’ as well as the ‘what’.

The Plan

My plan has 3 phases. Generally, I am going to use an SSH (Secure Shell) server to act as a honeypot to lure in attackers. SSH is the black terminal window that people associate with Linux (and Jurassic Park).

The Bash Shell

An SSH server usually listens on port 22, and when you log into a Linux server, you are usually connecting through it.

So my plan is:

  1. Determine the general external threat: what is my router blocking?
  2. Determine how long it takes for a slightly hidden server, with its SSH port forwarded to it, to come under direct attack.
  3. Profile the attack on SSH to see how the attack takes place.
