A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers (리눅스 서버에서 인터렉티브 서비스 Stepping Stone 자가진단을 위한 brute-force 기법)

Koohong Kang (강구홍)

A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2015, 20(5), pp.41-51
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Koohong Kang ¹

¹서원대학교

Accredited

ABSTRACT

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

KEYWORDS

Stepping stone, Trace-back, Connection chain

Citation status

* References for papers published after 2023 are currently being built.

[confproc] S.R. Sanpp / 1991 / DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype / Proceedings of the 14th National Computer Security Conference : 167~176

[confproc] H.T. Jung / 1993 / Caller Identification System in the Internet Environment' / Proceedings of UNIX Security Symposium IV : 69~78

[confproc] S. Staniford-Chen / 1995 / Holding Intruders Accountable on the Internet / Proceedings of the IEEE Symposium on Security and Privacy : 39~49

[confproc] Y. Zhang / 2000 / Detecting Stepping Stones / Proceedings of the 9th Conference on USENIX Security Symposium : 184~194

[confproc] K. Yoda / 2000 / Finding a Connection Chain for Tracing Intruders / Proceedings of the Computer Security - European Symposium on Research in Computer Security (ESORICS 2000) : 191~205

[confproc] X. Wang / 2002 / Inter-Packet Delay Based Correlation for tracing Encrypted Connections Through Stepping Stones / Proceedings of the Computer Security - European Symposium on Research in Computer Security (ESORICS 2002) : 244~263

[book] B.A. Forouzan / 2010 / TCP/IP Protocol Suite Fourth Edition / McGraw-Hill : 610~629

[book] M.G. Sobell / 2013 / A Practical Guide to Fedora and Red Hat Enterprise Linux / Prentice Hall : 227~301

[book] M. Wilding / 2005 / Self-Service Linux: Mastering the Art of Problem Determination / Prentice Hall : 41~88

[web] htop / htop - an interactive process viewer for Linux / http://hishan.hm/htop

[book] A. Robbins / 2005 / Classic Shell Scripting / O'Reilly Media : 109~266

[journal] 강구홍 / 2014 / An Implementation Strategy for the Physical Security Threat Meter Using Information Technology / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 19(7) : 47~57

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65