Monday, 9 February 2015

DDoS Botnet Attacks Linux Servers Via SSH

Linux servers have for several months been the target of a DDoS botnet that tries to take over machines via SSH in order to use them afterwards for DDoS attacks. The attack consists of three phases, in which tens of thousands of passwords are tried to log in via SSH.

Machines infected by the botnet attempt to log in a certain number of times before the next IP address is used to continue the attack. According to security firm FireEye, the attackers use, among other things, a modified version of the RockYou password list. If a login attempt succeeds, the attacker immediately logs out again. Within 24 hours a login follows from a different IP address. The attackers do this in a way that bypasses the default logging and thus leaves no trace.

After logging in, the "XOR.DDoS" malware is ultimately installed. On FireEye's honeypot servers, nearly 1 million login attempts by attackers were observed within three months. According to the company's researchers, XOR.DDoS is one of the more advanced malware families for Linux. It also supports multiple platforms, including x86 and ARM. "Network devices and embedded systems are vulnerable to brute force SSH attacks," said analyst Michael Lin.
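The first two phases described above (many failed passwords from one source, then a successful login that is closed again within seconds) leave a recognisable trail in sshd's own log. The following script is an added example, not FireEye's tooling or anything from the original post; it runs over a handful of constructed OpenSSH-style auth.log lines embedded inline, counts failed passwords per source IP, and flags a successful login from a previously failing IP that disconnects almost immediately. The thresholds (5 failures, 60 seconds) are assumptions chosen for the sample. Note the article's caveat: the attackers' later logins are said to evade default logging, so this only sees what sshd actually records; the brute-force phase itself, however, cannot avoid producing "Failed password" entries on the target.

```python
"""Spot SSH brute-force and touch-and-go logins in auth.log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in OpenSSH's syslog format. 203.0.113.5 fails five times,
# then succeeds and disconnects one second later; 192.0.2.9 is a normal key login.
SAMPLE_LOG = """\
Feb  9 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.5 port 41001 ssh2
Feb  9 10:00:02 web1 sshd[2002]: Failed password for root from 203.0.113.5 port 41002 ssh2
Feb  9 10:00:03 web1 sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 41003 ssh2
Feb  9 10:00:04 web1 sshd[2004]: Failed password for root from 203.0.113.5 port 41004 ssh2
Feb  9 10:00:05 web1 sshd[2005]: Failed password for root from 203.0.113.5 port 41005 ssh2
Feb  9 10:00:06 web1 sshd[2006]: Failed password for root from 198.51.100.7 port 50001 ssh2
Feb  9 10:00:07 web1 sshd[2007]: Failed password for root from 198.51.100.7 port 50002 ssh2
Feb  9 10:00:30 web1 sshd[2010]: Accepted password for root from 203.0.113.5 port 41100 ssh2
Feb  9 10:00:31 web1 sshd[2010]: Received disconnect from 203.0.113.5: 11: disconnected by user
Feb  9 10:05:00 web1 sshd[2020]: Accepted publickey for deploy from 192.0.2.9 port 60000 ssh2
Feb  9 10:45:00 web1 sshd[2020]: Received disconnect from 192.0.2.9: 11: disconnected by user
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port")
ACCEPTED_RE = re.compile(r"^Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port")
DISCONNECT_RE = re.compile(r"^Received disconnect from (?P<ip>[\d.]+)")


def parse_ts(ts, year=2015):
    """Syslog timestamps carry no year; the year is an assumption for the sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def analyze(log_text, fail_threshold=5, touch_and_go_seconds=60):
    """Return (failures per IP, IPs at/over threshold, touch-and-go login events).

    A touch-and-go event is an accepted login from an IP that had earlier failures,
    closed within touch_and_go_seconds: the "log in, then immediately log out" probe.
    """
    failures = defaultdict(int)
    open_sessions = {}   # ip -> (login time, user, auth method)
    touch_and_go = []    # (ip, user, method, session seconds)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = parse_ts(m.group("ts")), m.group("msg")
        f = FAILED_RE.match(msg)
        if f:
            failures[f.group("ip")] += 1
            continue
        a = ACCEPTED_RE.match(msg)
        if a:
            open_sessions[a.group("ip")] = (ts, a.group("user"), a.group("method"))
            continue
        d = DISCONNECT_RE.match(msg)
        if d and d.group("ip") in open_sessions:
            ip = d.group("ip")
            start, user, method = open_sessions.pop(ip)
            duration = (ts - start).total_seconds()
            if failures.get(ip, 0) > 0 and duration <= touch_and_go_seconds:
                touch_and_go.append((ip, user, method, duration))
    suspicious = sorted(ip for ip, n in failures.items() if n >= fail_threshold)
    return dict(failures), suspicious, touch_and_go


if __name__ == "__main__":
    fails, bad_ips, events = analyze(SAMPLE_LOG)
    print("failed passwords per IP:", fails)
    print("IPs over threshold:", bad_ips)
    for ip, user, method, secs in events:
        print(f"touch-and-go: {user} from {ip} via {method}, session lasted {secs:.0f}s")
```

On the sample, 203.0.113.5 is reported both for its five failures and for the one-second root session that followed them, while the long-lived key-based login from 192.0.2.9 is not. fail2ban, recommended at the end of the article, automates the first of these two checks by banning the source IP once its failure count crosses a threshold.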

He notes that it is not always possible, or apparent to end users, how these systems can be protected against such attacks. Nevertheless, users are advised to configure their SSH server so that encryption keys are used instead of passwords. Furthermore, it is advised to disable remote login to the root account. The use of fail2ban is also recommended.
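The two sshd_config changes recommended above can be checked mechanically. The script below is an added example, not part of the original post, that parses an sshd_config the way sshd reads its global options (keywords are case-insensitive, the first occurrence of a keyword wins, and everything after the first `Match` line is conditional) and reports where the file falls short of the advice. It goes slightly beyond the article's two points by also checking `ChallengeResponseAuthentication` (which can still let PAM accept passwords) and `MaxAuthTries`; both configurations are constructed samples, and the default values are OpenSSH's documented defaults of that period.

```python
"""Audit sshd_config for password logins and root login (added example)."""
import re

# Constructed weak configuration: passwords and direct root login both allowed.
WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed hardened configuration following the article's advice.
HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
MaxAuthTries 3
"""

# OpenSSH defaults used when a keyword is absent (PermitRootLogin defaulted to
# "yes" until OpenSSH 7.0 changed it to prohibit-password).
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "maxauthtries": "6",
}


def parse_sshd_config(text):
    """Return global keyword -> effective value, first occurrence wins as in sshd."""
    effective = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Keyword value" or "Keyword=value"
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break   # conditional section begins; not part of the global policy
        effective.setdefault(keyword, value)     # later duplicates are ignored by sshd
    return effective


def audit(text):
    """Return a list of human-readable findings; empty means the file passes."""
    cfg = parse_sshd_config(text)

    def get(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication should be 'no' so only keys are accepted")
    if get("challengeresponseauthentication") != "no":
        findings.append("ChallengeResponseAuthentication should be 'no' (otherwise PAM may still accept passwords)")
    if get("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication must be 'yes' for key-based login")
    if get("permitrootlogin") not in ("no", "without-password", "prohibit-password"):
        findings.append("PermitRootLogin should be 'no' (or at least prohibit-password)")
    if int(get("maxauthtries")) > 3:
        findings.append("MaxAuthTries above 3 gives each connection more password guesses")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit(text)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

Run against a real host, the input would be `/etc/ssh/sshd_config`; on OpenSSH, `sshd -T` prints the effective global configuration with defaults filled in, which is the more reliable thing to feed to `audit` because it sidesteps the first-occurrence and `Match` subtleties entirely. Restart sshd only after confirming that your own key already works, or the lockout protects nobody but the attacker.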

"Brute force attacks are one of the oldest attacks. Because they occur so often, there are plenty of solutions available to protect against them. Yet many systems remain vulnerable," Lin says. He warns that brute-forcing credentials is among the top 10 methods by which companies are hacked.
