Inoculating SSH Against Address Harvesting

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2006

Volumn , Issue , 2006, Pages

  Schechter, Stuart E ^a   Jung, Jaeyeon ^b   Stockwell, Will ^a   McLain, Cynthia ^a  

^a MIT LINCOLN LABORATORY   (United States)

^b MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; NETWORK SECURITY; VIRUSES;

ACADEMIC SYSTEM; ADDRESS LISTS; COMMERCIAL SYSTEMS; CREDENTIAL MANAGEMENT; EMAIL VIRUS; GOVERNMENT SYSTEMS; HOST AUTHENTICATION; MOST LIKELY; SECURE SHELL; TOP LEVEL DOMAINS;

HARVESTING;

EID: 39049090038     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. D. J. Barrett and R. E. Silverman. SSH, the Secure Shell: The Definitive Guide. O’Reilly Media, Inc., Sebastopol, CA, Feb. 2001.
2. M. Bishop and D. V. Klein. Improving System Security via Proactive Password Checking. Computers and Security, 14(3):233–249, 1995.
3. S. I. S. Center. Port Graph (for port 22). http://isc.sans.org/port_details.php?port=22&days=70.
4. D. Dagon. Georgia Institute of Technology, Email correspondence, Dec. 10, 2004.
5. A. Evans Jr., W. Kantrowitz, and E. Weiss. A User Authentication Scheme Not Requiring Secrecy in the Computer. Communications of the ACM, 17(8):437–442, 1974.
6. F-Secure. F-Secure Virus Descriptions: Deloder. http://www.f-secure.com/v-descs/deloader.shtml.
7. S. Garfinkel, G. Spafford, and A. Schwartz. Practical UNIX & Internet Security. O’Reilly Media, Inc., Sebastopol, CA, 3rd edition, Feb. 2003.
8. V. Hazlewood. Security Technologies Manager, San Diego Supercomputer Center (SDSC), Telephone correspondence, Jan. 18, 2005.
9. Internet Assigned Numbers Authority. Internet Protocol v4 Address Space. http://www.iana.org/assignments/ipv4-address-space.
10. Internet Assigned Numbers Authority. RFC 3330: Special Use IPv4 Addresses. IETF, Sept. 2002.
11. M. Kaminsky. User Authentication and Remote Execution Across Administrative Domains. PhD thesis, Massachusetts Institute of Technology, Sept. 2004.
12. M. Kaminsky, E. Peterson, D. B. Giffin, K. Fu, D. Maziéres, and M. F. Kaashoek. REX: Secure, Extensible Remote Execution. In Proceedings of the 2004 USENIX Annual Technical Conference, pages 199–212, June 2004.
13. J. Markoff and L. Bergman. Internet Attack Called Broad and Long Lasting by Investigators. The New York Times, May 10, 2005.
14. R. Morris and K. Thompson. Password Security: A Case History. Communications of the ACM, 22(11):594–597, 1979.
15. N. I. of Standards and Technology. Secure Hash Standard. FIPS PUB 180-1, Apr. 17, 1995.
16. Petri Sakkinen, Director, Solution Marketing, SSH Communications Security. “SSH Worm” and SSH Communications Security. Email correspondence, archived at http://nms.csail.mit.edu/projects/ssh/SSHIncEmail.html, May 17, 2005.
17. S. C. Pinkerton. Network Solutions Manager, Argonne National Laboratory, Email correspondence, Feb. 4, 2005.
18. N. Provos and P. Honeyman. ScanSSH - Scanning the Internet for SSH Servers. In Proceedings of The 15th USENIX Systems Administration Conference (LISA), 2001.
19. S. E. Schechter, J. Jung, and A. W. Berger. Fast Detection of Scanning Worm Infections. In Proceedings of the Seventh International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sept. 15–17, 2004.
20. B. Schneier and J. Kelsey. Secure Audit Logs to Support Computer Forensics. ACM Transactions on Information and System Security (TISSEC), 2(2):159–176, 1999.
21. K.-O. Security. SSH Remote Root Password Brute Force Cracker Utility. http://www.k-otik.com/exploits/08202004.brutessh2.c.php, Aug. 20, 2004.
22. A. Singer. Tempting Fate. ;login: The USENIX Magazine, 30(1), Feb. 2005.
23. E. H. Spafford. The Internet Worm Program: An Analysis. Technical Report CSD-TR-823, Purdue University Department of Computer Sciences, 1998.
24. SSH Communications Security. Statement: Secure Shell and Address Harvesting. http://www.ssh.com/company/newsroom/20050518_mit.html, May 18, 2005.
25. Symantec. Security response–W32.HLLW.Deloder. http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html.
26. Symantec. Security Response–W32.HLLW.Gaobot.AA. http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.aa.html.
27. Symantec. Security Response–W32.Lovgate.mm. http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html.
28. B. R. Waters, D. Balfanz, G. Durfee, and D. K. Smetters. Building an Encrypted and Searchable Audit Log. In Proceedings of the 11th Annual Network and Distributed Security Symposium (NDSS’04), Feb. 1–6, 2004.
29. WRQ. A Hypothetical Threat to SSH: What Customers Need to Know. http://www.wrq.com/products/whitepapers/0976.html, June 2005.
30. T. Wu. The Secure Remote Password Protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97–111, Mar. 1998.
31. J. Xu, J. Fan, M. H. Ammar, and S. B. Moon. Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme. In Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP’02), Nov. 12–15, 2002.
32. B. S. Yee and M. Bellare. Forward Integrity for Secure Audit Logs. Technical report, University of California at San Diego Department of Computer Science and Engineering, Nov. 1997.
33. W. Yurcik. Senior Systems Security Engineer, The National Center for Supercomputing Applications (NCSA), Telephone correspondence, Jan. 28, 2005.