• DocumentCode
    2202946
  • Title

    SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network

  • Author

    Kumagai, Masaya ; Musashi, Yasuo ; Romaña, Dennis Arturo Ludeña ; Takemori, Kazuya ; Kubota, Shinichiro ; Sugitani, Kenichi

  • Author_Institution
    Grad. Sch. of Sci. & Technol., Kumamoto Univ., Kumamoto, Japan
  • fYear
    2010
  • fDate
    1-3 Nov. 2010
  • Firstpage
    645
  • Lastpage
    648
  • Abstract
    We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university campus network to the top domain DNS server through March 14th, 2009, when the network servers in the campus network were under inbound SSH dictionary attack. The following interesting results were obtained: (1) the network servers, especially those providing SSH services, generated significant PTR RR based DNS query request packet traffic through 07:30-08:30 on March 14th, 2009, (2) we calculated the sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the network servers in the campus network.
  • Keywords
    computer network security; local area networks; network servers; statistical analysis; telecommunication traffic; DNS query packet traffic; DNS reverse resolution traffic; PTR resource record; SSH dictionary attack; SSH service; domain DNS server; network server; statistical analysis; university campus network; DNS based Detection; SSH brute force attack; SSH dictionary attack;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligent Networks and Intelligent Systems (ICINIS), 2010 3rd International Conference on
  • Conference_Location
    Shenyang
  • Print_ISBN
    978-1-4244-8548-2
  • Electronic_ISBN
    978-0-7695-4249-2
  • Type

    conf

  • DOI
    10.1109/ICINIS.2010.9
  • Filename
    5693787