Hail Mary Cloud

The Hail Mary Cloud was, or is, a password guessing botnet, which used a statistical equivalent to brute force password guessing.

The botnet ran from possibly as early as 2005,^[1] and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.^[2]

The principle is that a botnet can try several thousands of more likely passwords against thousands of hosts, rather than millions of passwords against one host. Since the attacks were widely distributed, the frequency on a given server was low and was unlikely to trigger alarms.^[2] Moreover, the attacks come from different members of the botnet, thus decreasing the effectiveness of both IP based detection and blocking.

References[edit]

^ Javed, Mobin; Paxson, Vern (2013). "Detecting stealthy, distributed SSH brute-forcing". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. New York, New York, USA: ACM Press. pp. 85–96. CiteSeerX 10.1.1.392.1199. doi:10.1145/2508859.2516719. ISBN 9781450324779.
^ ^a ^b Hansteen, Peter (2013), The Hail Mary Cloud And The Lessons Learned, Berkeley System Distribution (BSD), Andrea Ross, doi:10.5446/19183, retrieved 2021-04-11

External links[edit]

That grumpy BSD guy: The Hail Mary Cloud And The Lessons Learned

[1] Javed, Mobin; Paxson, Vern (2013). "Detecting stealthy, distributed SSH brute-forcing". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. New York, New York, USA: ACM Press. pp. 85–96. CiteSeerX 10.1.1.392.1199. doi:10.1145/2508859.2516719. ISBN 9781450324779.

[:0-2] Hansteen, Peter (2013), The Hail Mary Cloud And The Lessons Learned, Berkeley System Distribution (BSD), Andrea Ross, doi:10.5446/19183, retrieved 2021-04-11

[1]

[2]