A distributed active response architecture for preventing SSH dictionary attacks

Abstract

Dictionary attacks against Internet servers that provide the secure shell (SSH) service for secure, remote login is very common. The dictionary attack is an attempt to gain unauthorized access to a server by continuously guessing username and password pairs using sophisticated brute force techniques. Solutions exist that can detect and prevent this attack for a local host. However, a technique that distributes the detection and prevention information to a server's trusted neighbors can provide a gain in security by way of preemptive protection. This paper describes a distributed active response architecture that provides proactive, preemptive protection against the SSH dictionary attack.