Title :
SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network
Author :
Kumagai, Masaya ; Musashi, Yasuo ; Romaña, Dennis Arturo Ludeña ; Takemori, Kazuya ; Kubota, Shinichiro ; Sugitani, Kenichi
Author_Institution :
Grad. Sch. of Sci. & Technol., Kumamoto Univ., Kumamoto, Japan
Abstract :
We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university campus network to the top domain DNS server through March 14th, 2009, when the network servers in the campus network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the network servers, especially, they have a function of SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the network servers in the campus network.
Keywords :
computer network security; local area networks; network servers; statistical analysis; telecommunication traffic; DNS query packet traffic; DNS reverse resolution traffic; PTR resource record; SSH dictionary attack; SSH service; domain DNS server; network server; statistical analysis; university campus network; DNS based Detection; SSH brute force attack; SSH dictionary attack;
Conference_Titel :
Intelligent Networks and Intelligent Systems (ICINIS), 2010 3rd International Conference on
Conference_Location :
Shenyang
Print_ISBN :
978-1-4244-8548-2
Electronic_ISBN :
978-0-7695-4249-2
DOI :
10.1109/ICINIS.2010.9
