A Study of Passwords and Methods Used in Brute-Force SSH Attacks
Date: April 2008
Publication: First USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET '08
Source 1: http://people.clarkson.edu/~jnm/publications/leet08.pdf
Source 2: https://www.usenix.org/legacy/confadmin/leet08/papers/L12/content.pdf
In its Top-20 Security Risks report for 2007, the SANS Institute called brute-force password guessing attacks against SSH, FTP and telnet servers “the most common form of attack to compromise servers facing the Internet.” A recent study also suggests that Linux systems may play an important role in the command and control networks for botnets. Defending against brute-force SSH attacks may therefore prove to be a key factor in the effort to disrupt these networks. In this paper, we report on a study of brute-force SSH attacks observed on three very different networks: an Internet-connected small business network, a residential system with a DSL Internet connection, and a university campus network. The similarities observed in the methods used to attack these disparate systems are quite striking. The evidence suggests that many brute-force attacks are based on pre-compiled lists of usernames and passwords, which are widely shared. Analysis of the passwords used in actual malicious traffic suggests that the common understanding of what constitutes a strong password may not be sufficient to protect systems from compromise. Study data are also used to evaluate the effectiveness of a variety of techniques designed to defend against these attacks.