BSDCan2013 - Final
BSDCan 2013
The Technical BSD Conference
| Speakers | |
|---|---|
|
Peter Hansteen |
| Schedule | |
|---|---|
| Day | Talks - Day 1 - 2013-05-17 |
| Room | MRT 221 |
| Start time | 16:30 |
| Duration | 01:00 |
| Info | |
| ID | 403 |
| Event type | Lecture |
| Track | Security |
| Language used for presentation | English |
The Hail Mary Cloud And The Lessons Learned
The Future Of Botnets: Low Intensity, Distributed
There was a time when brute force attacks were all rapid-fire and easily blackholed on sight. That changed during the late 2000s: The low intensity, widely distributed password guessing botnet dubbed "The Hail Mary Cloud" that made its debut in 2007 was remarkable for three things:
- the service it targeted was SSH, an almost exclusively Unixish-based phenomenon
- the glacial pace of attack from each of the participants
- the apparent stay-below-the-radar profile
Against ridiculous odds and eventually even some media focus, the botnet apparently thrived for several years. This session presents the known facts as seen by an early observer, proceeds to an analysis of the patterns observed during the various encounters with the phenomenon, with conclusions that may have implications for current detection and prevention stratgies and points to remember when formulating future approaches to network security.