Brute force SSH attack confounds defenders
Who are those guys?
Posted in Enterprise Security, 8th December 2008 11:58 GMT
Security researchers are struggling to combat a sophisticated brute-force attack against SSH servers.
Instead of using the same compromised machine to try multiple password combinations, the newer attack relies on coordination among multiple botnet clients. Also, instead of throwing this resource at random Secure Shell (SSH) remote admin servers, the assault is targeted at specific servers.
The approach, which is more likely to defeat basic rate-based security defences, first emerged after security researchers noticed a spike in failed SSH logins back in October, and remains ongoing. Countermeasures such as the use of IP blocklists of known compromised hosts have been applied to mitigate the attack, but these are only partially successful, Arbor Networks warned on Friday.
A recent comparison between a blacklist created by Arbor's SSH scanner and another blacklist revealed a 12 per cent overlap, suggesting many compromised hosts remain unlogged.
Much about the attack remains unclear. For example, security firms are yet to isolate samples of the botnet code behind the attack. ®
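The coordinated pattern described above stays under per-source rate thresholds, so it only becomes visible when failures are grouped by the targeted account rather than by source address. The following is an added example, not code from the article or from Arbor Networks; it assumes the standard OpenSSH "Failed password" log line, and the function names, thresholds and sample log are illustrative.

```python
import re
from collections import Counter, defaultdict

# OpenSSH sshd "Failed password" line; the "invalid user" prefix is optional.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(lines):
    """Return (user, source_ip) for every failed-password line."""
    return [(m["user"], m["ip"]) for m in map(FAILED.search, lines) if m]

def per_source_offenders(failures, threshold=5):
    """Classic rate-based view: sources with >= threshold failures."""
    counts = Counter(ip for _, ip in failures)
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_targets(failures, min_sources=5, max_per_source=3):
    """Per-account view: accounts failed against by many low-volume sources."""
    by_user = defaultdict(Counter)
    for user, ip in failures:
        by_user[user][ip] += 1
    flagged = {}
    for user, sources in by_user.items():
        quiet = {ip for ip, n in sources.items() if n <= max_per_source}
        if len(quiet) >= min_sources:
            flagged[user] = quiet
    return flagged

def sample_log():
    """Constructed sample (documentation IP ranges), treated as one time window."""
    line = "Dec  5 10:{:02d}:00 gw sshd[{}]: Failed password for {} from {} port 40000 ssh2"
    lines = []
    # Eight hosts each try root twice: below any per-source threshold.
    for i in range(8):
        for j in range(2):
            lines.append(line.format(i * 2 + j, 1000 + i, "root", f"192.0.2.{10 + i}"))
    # One noisy single-source scanner walking a user list.
    for k in range(12):
        lines.append(line.format(20 + k, 2000 + k, f"invalid user test{k}", "203.0.113.50"))
    # One legitimate user mistyping a password once.
    lines.append(line.format(40, 3000, "alice", "198.51.100.7"))
    return lines

if __name__ == "__main__":
    failures = parse_failures(sample_log())
    print("per-source offenders:", per_source_offenders(failures))
    print("distributed targets:", distributed_targets(failures))
```

On the constructed sample, the per-source check flags only the single noisy scanner, while the per-account check surfaces the eight quiet hosts working on `root`.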
