Zombie machines used in 'brutal' SSH attacks

    Date02 Jun 2005
    10838
    Posted ByBrittany Day
    It's a tedious activity that can put the best of IT administrators to sleep. But as security and compliance manager for a large U.S. healthcare organization, Adam Nunn has learned to study his network activity logs religiously. He knows that when the bad guys work overtime to break his defenses, those logs can be the first sign of trouble.

    He had a more relaxed approach to log checking at home. But one day he had a look and was alarmed to find that more than 1,000 brute force attacks had been targeting his personal Web server for a month.

    "Unless you check your logs, you won't notice this kind of thing," Nunn said. "The fact that tons of these attacks were directed at my home Web server tells me some much larger attacks are going on and that enterprises are a target. This really worries me on the enterprise front."

    David Hoelzer, owner of security research firm Cyber-Defense, said Nunn's concern is well justified. In the last few months he's seen a dramatic spike in Secure Shell [SSH] brute force authentication attacks and wordlist/username attacks. Like Nunn, he's comparing notes with other security professionals and finding that it's happening on a much broader scale. What's worse is that hackers are using a growing army of zombie machines to pull it off.

    "If I were an IT admin checking my logs and seeing this for the first time, I'd be feeling a sense of dread," Hoelzer said. "This tells you that hackers are getting much better at cracking SSH. It took a long time for people to switch from Telnet to SSH, which is more secure. But if you're able to break into a network through Secure Shell, the attack is encrypted and it's a lot harder to trace."

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"82","type":"x","order":"1","pct":56.16,"resources":[]},{"id":"88","title":"Should be more technical","votes":"22","type":"x","order":"2","pct":15.07,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"42","type":"x","order":"3","pct":28.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.