Proudly presenting: SSHCure v2.0! Available as of today on SourceForge (yeah I know).
SSHCure is a plugin for the NfSen framework. It's a tool to detect SSH scans, brute-force attacks and possible compromises based on NetFlow data. If you have an NfSen install running somewhere, check it out: the provided install.sh or install-svn-trunk.sh make installation a breeze. Screenshots are provided on the SourceForge page.
For those who like SCIENCE, check the published white paper, but keep in mind that it is based on SSHCure v1.0 and we've come a long way in the meantime.
Shout-out to co-dev Rick for the great collaboration. Let's get that v2.1 out there.