The Hail Mary Cloud was, or is, a password-guessing botnet that used a statistical equivalent of brute-force password guessing.
The botnet ran from possibly as early as 2005, and certainly from 2007 until 2012 and possibly later. The botnet was named and documented by Peter N. M. Hansteen.
The principle is that a botnet can try several thousand of the more likely passwords against thousands of hosts, rather than millions of passwords against one host. Since the attacks were widely distributed, the frequency on a given server was low and was unlikely to trigger alarms. Moreover, the attacks came from different members of the botnet, which decreased the effectiveness of both IP-based detection and blocking.
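The following added example (not from the article or from Hansteen's documentation) runs two detection rules over constructed sshd log lines: a per-IP failure threshold, which the low per-host rate described above stays under, and an aggregate count of quiet sources seen in the same window. The function names, thresholds, and sample addresses are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Matches OpenSSH "Failed password" log lines.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def failures_per_ip(lines):
    """Count failed-password lines per source IP in one log window."""
    return Counter(m.group("ip") for m in map(FAILED.search, lines) if m)

def per_ip_offenders(lines, threshold=5):
    """Per-IP rule (assumed threshold): flag a source with >= threshold failures."""
    return {ip for ip, n in failures_per_ip(lines).items() if n >= threshold}

def distributed_campaign(lines, max_per_ip=2, min_sources=10):
    """Aggregate rule (assumed thresholds): if at least min_sources IPs each
    stayed at or under max_per_ip failures, report them as one campaign."""
    quiet = {ip for ip, n in failures_per_ip(lines).items() if n <= max_per_ip}
    return quiet if len(quiet) >= min_sources else set()

def sample_log():
    """Constructed sample: 20 sources with 2 guesses each, plus one noisy host."""
    lines = []
    for i in range(1, 21):
        for user in ("admin", "root"):
            lines.append(
                f"Jan 10 03:{i:02d}:07 host sshd[4242]: Failed password for "
                f"{user} from 198.51.100.{i} port 50000 ssh2"
            )
    for n in range(8):
        lines.append(
            f"Jan 10 04:00:{n:02d} host sshd[4243]: Failed password for "
            f"invalid user test from 203.0.113.9 port 50001 ssh2"
        )
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("per-IP rule flags:", sorted(per_ip_offenders(log)))
    print("aggregate rule flags:", len(distributed_campaign(log)), "quiet sources")
```

The aggregate rule is a coarse heuristic: a handful of legitimate users who mistype a password also count as quiet sources, so `min_sources` has to sit above the site's normal background of failed logins.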
References
- Javed, Mobin; Paxson, Vern (2013). "Detecting stealthy, distributed SSH brute-forcing". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. New York, New York, USA: ACM Press. pp. 85–96. CiteSeerX 10.1.1.392.1199. doi:10.1145/2508859.2516719. ISBN 9781450324779.
- Hansteen, Peter (2013), The Hail Mary Cloud And The Lessons Learned, Berkeley System Distribution (BSD), Andrea Ross, doi:10.5446/19183, retrieved 2021-04-11