What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks
Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551
Page(s): 72 - 91
Source 1: http://people.scs.carleton.ca/~paulv/papers/passwords_full.pdf
Source 2: https://people.inf.ethz.ch/barrerad/files/passwords15-abdou.pdf
Source 3: https://dx.doi.org/10.1007/978-3-319-29938-9_6 - Subscription or payment required
We report on what we believe to be the largest dataset (to date) of automated secure shell (SSH) bruteforce attacks. The dataset includes plaintext password guesses in addition to timing, source, and username details, which allows us to analyze attacker behaviour and dynamics (e.g., coordinated attacks and password dictionary sharing). Our methodology involves hosting six instrumented SSH servers in six cities. Over the course of a year, we recorded a total of ~17M login attempts originating from 112 different countries and over 6 K distinct source IP addresses. We shed light on attacker behaviour, and based on our findings provide recommendations for SSH users and administrators.
PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=TbBhvjUP7Ps
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.