Brute force SSH attack confounds defenders
Who are those guys?
Posted in Enterprise Security, 8th December 2008 11:58 GMT
Security researchers are struggling to combat a sophisticated brute-force attack against SSH servers.
Instead of using the same compromised machine to try multiple password combinations, the newer attack relies on coordination among multiple botnet clients. Also, instead of throwing this resource at random Secure Shell (SSH) remote admin servers, the assault is targeted at specific servers.
The approach, which is more likely to defeat basic rate-based security defences, first emerged after security researchers noticed a spike in failed SSH logins back in October, and remains ongoing. Countermeasures such as the use of IP blocklists of known compromised hosts have been applied to mitigate the attack, but these are only partially successful, Arbor Networks warned on Friday.
A recent comparison between a blacklist created by Arbor's SSH scanner and another blacklist revealed a 12 per cent overlap, suggesting many compromised hosts remain unlogged.
Much about the attack remains unclear. For example, security firms are yet to isolate samples of the botnet code behind the attack. ®
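
Detection logic for the coordinated pattern described above, as an added example that is not part of the original article: it parses OpenSSH failed-password lines and counts failures per targeted account across source IPs, next to the per-IP count a rate-based defence relies on. The log lines, thresholds, default year and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" syslog line (the timestamp carries no year).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2008):
    """Return [(timestamp, user, source_ip)]; `year` is an assumed default."""
    out = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2), m.group(3)))
    return out

def per_ip_offenders(events, limit=5):
    """Rate-based view: source IPs with at least `limit` failures."""
    counts = defaultdict(int)
    for _, _, ip in events:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= limit}

def distributed_targets(events, window=timedelta(minutes=10), min_ips=4, min_fails=8):
    """Map account -> source IPs; thresholds are illustrative assumptions."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward in time
            ips = {ip for _, ip in hits[start:end + 1]}
            if end - start + 1 >= min_fails and len(ips) >= min_ips:
                flagged.setdefault(user, set()).update(ips)
    return flagged

# Constructed sample: six hosts, two guesses each, against one account, plus
# one noisy host hammering an invalid user.
SAMPLE = [f"Dec  6 03:{i // 2:02d}:{30 * (i % 2):02d} gw sshd[{4000 + i}]: Failed "
          f"password for root from 192.0.2.{10 + i % 6} port {40000 + i} ssh2"
          for i in range(12)]
SAMPLE += [f"Dec  6 03:01:{10 + i:02d} gw sshd[{5000 + i}]: Failed password for "
           f"invalid user admin from 203.0.113.9 port {50000 + i} ssh2"
           for i in range(5)]
```

On the sample, the per-IP count flags only the single noisy host, while the per-account view flags `root` and returns the six cooperating sources, which can feed a blocklist.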
