BSDCan2013 - Final

BSDCan 2013
The Technical BSD Conference

Peter Hansteen
Day Talks - Day 1 - 2013-05-17
Room MRT 221
Start time 16:30
Duration 01:00
ID 403
Event type Lecture
Track Security
Language used for presentation English

The Hail Mary Cloud And The Lessons Learned

The Future Of Botnets: Low Intensity, Distributed

There was a time when brute force attacks were all rapid-fire and easily blackholed on sight. That changed during the late 2000s: the low-intensity, widely distributed password-guessing botnet dubbed "The Hail Mary Cloud", which made its debut in 2007, was remarkable for three things:

  • the service it targeted was SSH, an almost exclusively Unixish-based phenomenon
  • the glacial pace of attack from each of the participants
  • the apparent stay-below-the-radar profile

Against ridiculous odds and eventually even some media focus, the botnet apparently thrived for several years. This session presents the known facts as seen by an early observer, then analyzes the patterns observed during the various encounters with the phenomenon, and closes with conclusions that may have implications for current detection and prevention strategies, along with points to remember when formulating future approaches to network security.