Brute force SSH attack confounds defenders
Who are those guys?
Posted in Enterprise Security, 8th December 2008 11:58 GMT
Security researchers are struggling to combat a sophisticated brute-force attack against SSH servers.
Instead of using the same compromised machine to try multiple password combinations, the newer attack relies on coordination among multiple botnet clients. Also, instead of throwing this resource at random Secure Shell (SSH) remote admin servers, the assault is targeted at specific servers.
The approach, which is more likely to defeat basic rate-based security defences, first emerged after security researchers noticed a spike in failed SSH logins back in October, and remains ongoing. Countermeasures such as the use of IP blocklists of known compromised hosts have been applied to mitigate the attack, but these are only partially successful, Arbor Networks warned on Friday.
A recent comparison between a blacklist created by Arbor's SSH scanner and another blacklist revealed a 12 per cent overlap, suggesting many compromised hosts remain unlogged.
Much about the attack remains unclear. For example, security firms are yet to isolate samples of the botnet code behind the attack. ®
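
To show why a per-source rate limit misses the coordinated pattern described above, the following added example (not code from the article or from Arbor Networks) counts failed sshd logins two ways: per source IP, and per targeted account across distinct source IPs. The log lines, the thresholds, the 10-minute window and the assumed year are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the article): six sources try "root" twice
# each, and one source hammers "admin" eight times.
SAMPLE_LOG = "\n".join(
    [f"Dec  5 03:1{i}:0{j} host sshd[100]: Failed password for root "
     f"from 198.51.100.{10 + i} port 40000 ssh2" for i in range(6) for j in range(2)]
    + [f"Dec  5 04:00:0{k} host sshd[101]: Failed password for invalid user admin "
       f"from 203.0.113.7 port 40001 ssh2" for k in range(8)]
)
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
WINDOW = timedelta(minutes=10)  # assumed window, tune per site

def parse(log, year=2008):
    """Return sorted (time, account, source_ip) tuples; syslog omits the year."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            events.append((when, m[2], m[3]))
    return sorted(events)

def _windowed(events, key_idx, window):
    """For each key, yield the events inside a sliding window ending at each event."""
    by_key = defaultdict(list)
    for ev in events:  # events must already be time-sorted, as parse() returns them
        by_key[ev[key_idx]].append(ev)
    for key, evs in by_key.items():
        start = 0
        for end, ev in enumerate(evs):
            while ev[0] - evs[start][0] > window:
                start += 1
            yield key, evs[start:end + 1]

def noisy_sources(events, limit=5, window=WINDOW):
    """Per-source rate check: IPs with more than `limit` failures in a window."""
    return {ip for ip, evs in _windowed(events, 2, window) if len(evs) > limit}

def distributed_targets(events, min_sources=5, window=WINDOW):
    """Per-account check: accounts failed against by many distinct IPs in a window."""
    return {user for user, evs in _windowed(events, 1, window)
            if len({e[2] for e in evs}) >= min_sources}

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-source:", noisy_sources(evs), "per-account:", distributed_targets(evs))
```

On the constructed log, the per-source check flags only the single noisy host, while the per-account check surfaces the low-and-slow attempts against `root` that stay under every individual source's limit.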