Hail Mary Cloud

The Hail Mary Cloud was, or is, a password-guessing botnet that used a statistical equivalent of brute-force password guessing.

The botnet ran from possibly as early as 2005,[1] and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.[2]

The principle is that a botnet can try several thousand of the more likely passwords against thousands of hosts, rather than millions of passwords against one host. Because the attacks were widely distributed, the frequency of attempts against any given server was low and unlikely to trigger alarms.[2] Moreover, the attempts came from different members of the botnet, which decreased the effectiveness of both IP-based detection and IP-based blocking.
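The following added example (not from the cited references, and not their detection method) shows why a per-source threshold misses this pattern while a count of distinct low-rate sources per time window catches it. The log lines are constructed, the addresses come from documentation ranges, and the thresholds, the log year and the function names are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" syslog lines; captures timestamp and source address.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
EPOCH = datetime(2012, 1, 1)  # assumed log year; syslog timestamps omit it

def parse(lines):
    """Return [(timestamp, source_ip)] for every failed-password line."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{EPOCH.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def per_ip_alerts(events, threshold=5):
    """Conventional check: any single source with >= threshold failures."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_alerts(events, window=timedelta(hours=1), min_sources=4, max_per_ip=2):
    """Flag windows in which many sources each fail only a few times."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[(ts - EPOCH) // window][ip] += 1
    alerts = []
    for idx, counts in sorted(buckets.items()):
        quiet = [ip for ip, n in counts.items() if n <= max_per_ip]
        if len(quiet) >= min_sources:
            alerts.append((EPOCH + idx * window, len(quiet), sum(counts.values())))
    return alerts

# Constructed sample: seven failures from six sources within one hour.
SAMPLE = """\
Apr 11 03:02:11 gw sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Apr 11 03:09:47 gw sshd[815]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Apr 11 03:17:30 gw sshd[820]: Failed password for root from 203.0.113.5 port 33211 ssh2
Apr 11 03:26:02 gw sshd[826]: Failed password for invalid user admin from 192.0.2.77 port 45002 ssh2
Apr 11 03:34:55 gw sshd[831]: Failed password for root from 198.51.100.90 port 60100 ssh2
Apr 11 03:41:19 gw sshd[837]: Failed password for root from 192.0.2.10 port 40990 ssh2
Apr 11 03:52:40 gw sshd[842]: Failed password for invalid user admin from 203.0.113.200 port 38111 ssh2
""".splitlines()

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("per-IP alerts:", per_ip_alerts(ev))
    for start, sources, failures in distributed_alerts(ev):
        print(f"{start}: {failures} failures spread over {sources} quiet sources")
```

On the sample, the per-source check reports nothing, while the windowed check reports one hour with six quiet sources; on a real host the thresholds would need tuning against the normal rate of mistyped passwords.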

References

  1. Javed, Mobin; Paxson, Vern (2013). Detecting stealthy, distributed SSH brute-forcing. New York, New York, USA: ACM Press. doi:10.1145/2508859.2516719.
  2. Hansteen, Peter (2013), The Hail Mary Cloud And The Lessons Learned, Berkeley System Distribution (BSD), Andrea Ross, doi:10.5446/19183, retrieved 2021-04-11
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.