Slashdot Mirror


The Slow Bruteforce Botnet(s) May Be Learning

badger.foo writes "We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines." For fans of raw data, here are all the log entries (3MB) that badger.foo has collected since noticing the slow bruteforce attacks.

22 of 327 comments

  1. Re:Solution: Public Key Auth by Hojima · · Score: 5, Funny

    The other solution is to use asshole seeking missiles on the botnets. Of course it would probably end up leading astray from the pricks with the checklist that always responds to people's solutions to spam.

  2. Re:Solution: Public Key Auth by Anonymous Coward · · Score: 1, Funny

    The other solution is to use asshole seeking missiles on the botnets

    I didn't know bots had assholes. Well, besides Bender.

  3. Re:Solution: Public Key Auth by Anonymous Coward · · Score: 5, Funny

    That won't work and I'll tell you why:

    1) Those launching the missiles also have assholes.
    2) Knives would be funner
    3) Barney sucks
    4) People like checklists

  4. Next Slashdot headlines... by Anonymous Coward · · Score: 5, Funny
    • The Slow Bruteforce Botnet(s) may be learning
    • The Slow Bruteforce Botnet(s) are learning at an exponential rate
    • The Slow^H^H^H^HFast Bruteforce Botnet(s) become self-aware at 2:19 AM, August 29
    • Botnet masters try to pull plug, botnets fight back with DDoSur8ghgw43899 NO CARRIER
  5. Re:AI by Anonymous Coward · · Score: 0, Funny

    I, for one, welcome our new botnet overlords.

  6. If only it were so simple by failedlogic · · Score: 4, Funny

    At the risk of being unpopular ..... Just turn off the Internet already!

  7. Re:AI by Fluffeh · · Score: 5, Funny

    Because computers are widely known for their common sense?

    It's like saying to a robot "Can you watch this lamb in the oven?" and they do. They bloody watch it burning for three hours.

    Ahh thank you Red Dwarf, even historically, you were so accurate of the future...

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  8. Re:Solution: Public Key Auth by beav007 · · Score: 4, Funny

    Since changing my SSH ports to something really high (above 50000), I have had exactly *zero* failed password attempts in the last 14 months.

    That means that you haven't been attacked by a portscanning bot yet.

    That or they got the password right...

  9. Re:Solution: Public Key Auth by techno-vampire · · Score: 5, Funny
    It really makes me wonder where they're getting them.

    One way to get them is to set up some sort of site that logically requires you to log in, let it become popular, then harvest the password file and use it in your attacks. Be sure to make the site geeky, though, to get good passwords and give it an attention-getting name. Something like "Slashdot."

    --
    Good, inexpensive web hosting
  10. Re:Solution: Public Key Auth by beav007 · · Score: 3, Funny

    Do you happen to use Debian by any chance? It may only take 4 or 5 tries...

    ;)

  11. Re:Solution: Public Key Auth by Anonymous Coward · · Score: 1, Funny

    Since changing my SSH ports to something really high (above 50000), the botnets guess my password correctly every time! I haven't seen any failed password attempts in months!!@#

  12. skynet is gaining power by Joe+The+Dragon · · Score: 1, Funny

    skynet is gaining power

  13. Re:Solution: Public Key Auth by ion.simon.c · · Score: 4, Funny

    Unfortunately, this is often too hard for your users.

    :(
    We need to grow smarter users.

  14. Re:Solution: Public Key Auth by chaim79 · · Score: 5, Funny

    Yah but two anecdotes don't make a parable... right?

    --
    DEMETRIUS: Villain, what hast thou done?
    AARON: Villain, I have done thy mother.
    Shakespeare invents 'your mom'
  15. Re:"Correct" Remote Access Protocols by Anonymous Coward · · Score: 2, Funny

    Tracert (traceROOT)

    Excellent...

  16. Re:Solution: Public Key Auth by ion.simon.c · · Score: 5, Funny

    You seem to be a chatbot. I'm not sure how you got onto slashdot, but welcome!

  17. Re:How do the botnets know it's OpenBSD? by Slashdotvagina · · Score: 4, Funny

    You can infer a lot about the OS from the way it crafts it's packets.

    Similarly, you can learn a lot about a person from the way it crafts it is sentences.

    --
    Advertising that I'm a girl on Slashdot since 2008.
  18. Re:OpenBSD hosts make stupid targets... by Anne+Thwacks · · Score: 4, Funny
    will OpenBSD refuse a valid username and password combination because the person logging in has a hidden evil deep in their hearts

    Yes

    You are obviously a Windows user.

    --
    Sent from my ASR33 using ASCII
  19. Re:Solution: Public Key Auth by maxume · · Score: 4, Funny

    Using a high port number is like parking in an empty part of a parking lot. It adds a small amount of inconvenience, reduces the likelihood of an incident, but fails to mitigate any of the consequences of an incident that does happen.

    --
    Nerd rage is the funniest rage.
  20. Re:Solution: Public Key Auth by nizo · · Score: 2, Funny

    I always park in an empty part of the parking lot. I tried parking in the occupied parts, but my car is too small to shove all those other cars out of the way.

  21. Re:Solution: Public Key Auth by An+ominous+Cow+art · · Score: 2, Funny

    In post-Soviet Russia, ASSHOLES have BOTNETS!

    Sorry, all.

  22. Re:Solution: Public Key Auth by cstdenis · · Score: 3, Funny

    Your post advocates a

    ( ) technical ( ) legislative ( ) market-based (X) vigilante

    approach to fighting botnets. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) No one will be able to find the guy or collect the money
    (X) It is defenseless against brute force attacks
    ( ) Microsoft will not put up with it
    (X) The police will not put up with it
    ( ) Requires too much cooperation from botnetters
    ( ) Requires immediate total cooperation from everybody at once
    (X) Anyone could anonymously destroy anyone else

    Specifically, your plan fails to account for

    (X) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority
    ( ) Open relays in foreign countries
    ( ) Asshats
    (X) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Joe jobs and/or identity theft
    (X) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering

    and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    (X) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (X) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    --
    1984 was not supposed to be an instruction manual.