  • DocumentCode
    151806
  • Title
    Analysis and prevention of network password guessing attacks in an enterprise environment
  • Author
    Manolache, Florin B. ; Qingping Hou ; Rusu, Octavian
  • Author_Institution
    Carnegie Mellon Univ., Pittsburgh, PA, USA
  • fYear
    2014
  • fDate
    11-13 Sept. 2014
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Common tools are available to protect individual computers against malicious password guessing attacks affecting services like ssh or imap. This paper takes such tools to the next level by proposing network-wide defense strategies and by presenting an implementation of a system that creates a collective defense. Such a system is useful in enterprise environments where frequent ssh scans waste bandwidth and some aggressive imap scans can induce denial of service to mail servers. The defense system is based on a set of computers that maintain a common database about the individual attacks. By interpreting the events stored in the database, every computer on the network can preemptively block attackers. The main objectives of the design of this system are to avoid creating a single point of failure by using a distributed database, and to handle the entire configuration of the participants from one single file. A variety of attack scenarios are studied to improve the efficiency of the defense.
  • Keywords
    computer network security; distributed databases; file servers; denial of service; distributed database; enterprise environment; imap scans; mail servers; malicious network password guessing attacks; network-wide defense strategies; ssh scans; Computers; Databases; Dictionaries; IP networks; Niobium; Ports (Computers); Servers; ddos; fail2ban; password guessing; ssh scan;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    RoEduNet Conference 13th Edition: Networking in Education and Research Joint Event RENAM 8th Conference, 2014
  • Conference_Location
    Chisinau
  • ISSN
    2068-1038
  • Print_ISBN
    978-1-4799-6860-2
  • Type
    conf
  • DOI
    10.1109/RoEduNet-RENAM.2014.6955303
  • Filename
    6955303