Hail Mary Cloud

The Hail Mary Cloud was, or is, a botnet which used a statistical equivalent to brute force password guessing.

The botnet ran from possibly as early as 2005,[1] and certainly from 2008 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.

The principle is that a botnet can try several thousands of more likely passwords against thousands of hosts, rather than millions of passwords against one host. Because the attack is distributed, the frequency on a given server is low, and unlikely to trigger alarms. Moreover, the attacks will come from different members of the botnet, thus decreasing the effectiveness of both IP based detection and blocking.

References

http://www.icir.org/vern/papers/dist-ssh-det.ccs13.pdf

External links

http://bsdly.blogspot.co.uk/2013/10/the-hail-mary-cloud-and-lessons-learned.html

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] ttp://www.icir.org/vern/papers/dist-ssh-det.ccs13.pdf