Getting back at Trudy Tobias Fiebig Getting back at Trudy Introduction SSH-Bruteforce SSH Botnet Member Credential Collection Attacks using The Idea Connect Back Honeypots Ethical Implications Legal Implications The Software Tobias Fiebig What it is... How it works... Experiments University of Amsterdam Single Hosts Whole Networks Results 01/08/2013 Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
The Problem... Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea • SSH-Bruteforcing. Ethical Implications Legal • Systems on the internet trying to authenticate to your Implications The Software system with all kinds of stupid usernames and passwords. What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ok, hands up... Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea • Ok? Who had the problem of being owned by an Ethical Implications SSH-Bruteforcer? Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ok, hands up... Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea • Ok? Who had the problem of being owned by an Ethical Implications SSH-Bruteforcer? Legal Implications • Ok, lets ask differently... Who knows somebody who has a The Software What it is... friend whose father in law’s dog once had this problem... ? How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Honestly... hit me as well... Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Where do these systems come from? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Where do these systems come from? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Probably not the attackers homebox... The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Where do these systems come from? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Probably not the attackers homebox... The Idea Ethical • But what kind of system could such an attacker have at Implications Legal Implications his disposal? The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Where do these systems come from? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Probably not the attackers homebox... The Idea Ethical • But what kind of system could such an attacker have at Implications Legal Implications his disposal? The Software • Yes, systems they penetrated by Bruteforcing the SSH What it is... How it works... daemon... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
What do we know about these systems? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
What do we know about these systems? Getting back at Trudy Tobias Fiebig Introduction • You get detected if you change the password. SSH-Bruteforce Attacks The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
What do we know about these systems? Getting back at Trudy Tobias Fiebig Introduction • You get detected if you change the password. SSH-Bruteforce Attacks The Idea • The password that is used, is probably in the attackers Ethical Implications Legal wordlist. Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
What do we know about these systems? Getting back at Trudy Tobias Fiebig Introduction • You get detected if you change the password. SSH-Bruteforce Attacks The Idea • The password that is used, is probably in the attackers Ethical Implications Legal wordlist. Implications The Software • The attacker runs his SSH Bruteforcing Software on that What it is... How it works... machine. Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
What do we know about these systems? Getting back at Trudy Tobias Fiebig Introduction • You get detected if you change the password. SSH-Bruteforce Attacks The Idea • The password that is used, is probably in the attackers Ethical Implications Legal wordlist. Implications The Software • The attacker runs his SSH Bruteforcing Software on that What it is... How it works... machine. Experiments • Wait... what? Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Research Question: Does this work? Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea Ethical Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ethical Implications Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Subjects may be unaware of infection/participation in the The Idea Ethical research. Implications Legal Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ethical Implications Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Subjects may be unaware of infection/participation in the The Idea Ethical research. Implications Legal • Inform subjects. Has been done via appropriate channels. Implications The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ethical Implications Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Subjects may be unaware of infection/participation in the The Idea Ethical research. Implications Legal • Inform subjects. Has been done via appropriate channels. Implications The Software • Gathered data is pretty sensitive. What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Ethical Implications Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks • Subjects may be unaware of infection/participation in the The Idea Ethical research. Implications Legal • Inform subjects. Has been done via appropriate channels. Implications The Software • Gathered data is pretty sensitive. What it is... How it works... • Fully anonymize data before publication. Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Legal Implications Getting back at Trudy Tobias Fiebig Introduction SSH-Bruteforce Attacks The Idea • Different jurisdictions touched. Ethical Implications • In nearly all cases: Unauthorized logins prohibited by Legal Implications applicable law. The Software What it is... How it works... Experiments Single Hosts Whole Networks Results Single Hosts Whole Networks Something funny... Conclusion Tobias Fiebig Getting back at Trudy
Recommend
More recommend