본문 바로가기
  • Home

A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2015, 20(5), pp.41-51
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science

Koohong Kang 1

1서원대학교

Accredited

ABSTRACT

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

Citation status

* References for papers published after 2022 are currently being built.