The Slow Bruteforce Botnet(s) May Be Learning

I noticed mass amounts of failed SSH logins on my server in November, too. It was apparent that a botnet was hitting on me, but I never put two and two together until I looked over the logs and noted the alphabetical nature of the attempts coming from different hosts. That indicated coordinated attacks - all of which have so far failed, I might add, although the bandwidth and disk time wasted in defeating them was considerable.

badger.foo writes "We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines." For fans of raw data, here are all the log entries (3MB) that badger.foo has collected since noticing the slow bruteforce attacks.

(link) [Slashdot]
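The log pattern described above (usernames arriving in alphabetical order, each from a different host, with few attempts per host) can be checked for mechanically. The following is an added example, not code from this post or from badger.foo; the function names, thresholds and sample log lines are constructed assumptions, and only the OpenSSH "Failed password" line format is real.

```python
import re
from collections import Counter

# OpenSSH failed-login line, with or without the "invalid user" prefix.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines):
    """Return (username, source) pairs in log order."""
    return [m.groups() for m in map(FAILED.search, lines) if m]

def analyze(lines):
    attempts = parse(lines)
    per_host = Counter(src for _, src in attempts)
    pairs = list(zip(attempts, attempts[1:]))
    # Hand-off: the next username sorts at or after the previous one
    # AND it arrives from a different host than the previous attempt.
    handoffs = sum(1 for (u1, s1), (u2, s2) in pairs if u2 >= u1 and s2 != s1)
    return {
        "attempts": len(attempts),
        "hosts": len(per_host),
        "max_per_host": max(per_host.values(), default=0),
        "handoff_ratio": handoffs / len(pairs) if pairs else 0.0,
    }

def looks_coordinated(stats, min_attempts=6, max_per_host=3, min_ratio=0.8):
    """Thresholds are illustrative assumptions; tune them on your own logs."""
    return (stats["attempts"] >= min_attempts
            and stats["max_per_host"] <= max_per_host
            and stats["handoff_ratio"] >= min_ratio)

def _line(i, user, src, invalid=True):
    # Builds a constructed sample line in OpenSSH's syslog format.
    tag = "invalid user " if invalid else ""
    return (f"Nov 19 15:{i:02d}:07 gw sshd[{2000 + i}]: Failed password for "
            f"{tag}{user} from {src} port {40000 + i} ssh2")

# Constructed sample: one alphabetical dictionary spread over eight hosts.
USERS = ["aaron", "abby", "adam", "adrian", "alan", "albert", "alex", "alice"]
DISTRIBUTED = [_line(i, u, f"192.0.2.{10 + i}") for i, u in enumerate(USERS)]
# Constructed sample: a single noisy host hammering common accounts.
NOISY = [_line(i, u, "203.0.113.50", invalid=False)
         for i, u in enumerate(["root", "admin", "test", "root", "guest", "root"])]

if __name__ == "__main__":
    for name, sample in (("distributed", DISTRIBUTED), ("single host", NOISY)):
        stats = analyze(sample)
        print(name, stats, "coordinated:", looks_coordinated(stats))
```

Per-source rate limits never fire on the distributed sample because every host appears once; the ordering across hosts is the only signal, which is why the check looks at consecutive attempts rather than per-host counts.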
