Sciweavers

NDSS
2006
IEEE

Inoculating SSH Against Address Harvesting

14 years 5 months ago
Inoculating SSH Against Address Harvesting
Address harvesting is the act of searching a compromised host for the names and addresses of other targets to attack, such as occurs when an email virus locates target addresses from users’ address lists or mail archives. We examine how host addresses harvested from Secure Shell (SSH) clients’ known hosts files can aid those attacking SSH servers. Each user’s known hosts file contains the names of every host previously accessed by its owner. Thus, when an attacker compromises a user’s password or identity key, the known hosts file can be used to identify those hosts on a network that are most likely to accept this compromised credential. Such attacks are not theoretical – a single attacker who targeted host authentication via SSH and employed known hosts address harvesting was able to gain access to a multitude of academic, commercial, and government systems. To show the value of known hosts files to such attackers, we present results of a study of known hosts files and...
Stuart E. Schechter, Jaeyeon Jung, Will Stockwell,
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where NDSS
Authors Stuart E. Schechter, Jaeyeon Jung, Will Stockwell, Cynthia D. McLain
Comments (0)