An Experimental Study of SSH Attacks by using Honeypot Decoys

We studied brute-force SSH attacks carried out on six different university campus networks by using honeypot techniques. Brute-force password-guessing attacks against SSH, FTP and telnet servers are the most common form of attack used to compromise servers facing the Internet. A key factor in avoiding disruption of these networks is defending them against brute-force attacks. We focused on the attempts to gain remote access to our SSH honeypots, plus the tools and techniques employed. There are striking similarities in the methods used to attack these dissimilar systems. The evidence shows that pre-compiled lists of usernames and passwords that are widely shared form the basis for brute-force attacks. When the passwords were analysed, it was found that, in the event of actual malicious traffic, what was commonly understood to be a strong password did not protect the systems from being compromised. The data from the study were used to evaluate the efficacy of a variety of techniques designed to defend the systems against these attacks. Table 17 lists some common recommendations for the protection of SSH servers.
