Acharya, Haridas
- An Experimental Study of SSH Attacks by using Honeypot Decoys
Authors
Esmaeil Kheirkhah 1, Sayyed Mehdi Poustchi Amin 2, Hediyeh AmirJahanshahi Sistani 2, Haridas Acharya 3
Affiliations
1 Department of Computer Engineering, Mashhad Branch, Islamic Azad University, IR
2 Department of Computer Studies and Research, Symbiosis International University, Pune, IN
3 Allana Institute of Management Science, Pune University, Pune, IN
Source
Indian Journal of Science and Technology, Vol 6, No 12 (2013), Pagination: 5567–5578
Abstract
We studied brute-force SSH attacks carried out on the campus networks of six different universities by using honeypot techniques. Brute-force password-guessing attacks against SSH, FTP and telnet servers are the most common form of attack used to compromise servers facing the internet. A key factor in avoiding disruption of these networks is to defend them against brute-force attacks. We focused on the attempts to gain remote access to our SSH honeypots, plus the tools and techniques employed. There are striking similarities in the methods used to attack these dissimilar systems. The evidence shows that pre-compiled lists of usernames and passwords that are widely shared form the basis for brute-force attacks. When the passwords were analysed, it was found that, in the event of actual malicious traffic, what were commonly understood to be strong passwords did not protect the systems from being compromised. The data from the study were used to evaluate the efficacy of a variety of techniques designed to defend the systems against these attacks. Table 17 lists some common recommendations for the protection of SSH servers.
Keywords
Honeypot, Honeynet, Internet Attacks, Network Security, SSH, Brute-force, Malware
- Fast Packet Classification, Using the Recursive Dimensional Cutting by Dimcut Packet Classification Algorithm, with Analysis
Authors
Affiliations
1 Department of Computer Studies and Research, Symbiosis International University, Pune, IN
2 Allana Institute of Management Science, Pune University, Pune, IN