Hail Mary Cloud
Appearance
This article needs additional citations for verification. (August 2020) |
The Hail Mary Cloud was, or is, a password guessing botnet, which used a statistical equivalent to brute force password guessing.
The botnet ran from possibly as early as 2005,[1] and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.[2]
The principle is that a botnet can try several thousands of more likely passwords against thousands of hosts, rather than millions of passwords against one host. Since the attacks were widely distributed, the frequency on a given server was low and was unlikely to trigger alarms.[2] Moreover, the attacks come from different members of the botnet, thus decreasing the effectiveness of both IP based detection and blocking.
References
[edit]- ^ Javed, Mobin; Paxson, Vern (2013). "Detecting stealthy, distributed SSH brute-forcing". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. New York, New York, USA: ACM Press. pp. 85–96. CiteSeerX 10.1.1.392.1199. doi:10.1145/2508859.2516719. ISBN 9781450324779.
- ^ a b Hansteen, Peter (2013), The Hail Mary Cloud And The Lessons Learned, Berkeley System Distribution (BSD), Andrea Ross, doi:10.5446/19183, retrieved 2021-04-11