What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks
Authors: AbdelRahman Abdou, David Barrera, P.C. van Oorschot

Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551
Page(s): 72 - 91
Publisher: Springer
Source 1: http://people.scs.carleton.ca/~paulv/papers/passwords_full.pdf
Source 2: https://people.inf.ethz.ch/barrerad/files/passwords15-abdou.pdf
Source 3: https://dx.doi.org/10.1007/978-3-319-29938-9_6 - Subscription or payment required

Abstract or Summary:
We report on what we believe to be the largest dataset (to date) of automated secure shell (SSH) bruteforce attacks. The dataset includes plaintext password guesses in addition to timing, source, and username details, which allows us to analyze attacker behaviour and dynamics (e.g., coordinated attacks and password dictionary sharing). Our methodology involves hosting six instrumented SSH servers in six cities. Over the course of a year, we recorded a total of ~17M login attempts originating from 112 different countries and over 6 K distinct source IP addresses. We shed light on attacker behaviour, and based on our findings provide recommendations for SSH users and administrators.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=TbBhvjUP7Ps

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019 PasswordResearch.com