Attack and Intrusion Analysis across the Public Internet
Project Type: Event
Start Date: 2010 12:00 AM
End Date: 2010 12:00 AM
Secure Shell (SSH) servers are routinely used to give network administrators secure remote access to the systems they manage. Because of the level of access they provide into systems, they are prime targets for hackers. This research provides an in-depth analysis of how Secure Shell daemons (SSH servers) are being attacked across the Internet, using geographical information determined from the address of the attacker. Data was collected over a thirty-day period from multiple hosts connected to several different Internet Service Providers. This data was analyzed using software designed specifically for this project. Conclusions regarding patterns are included in the project. To our surprise, we discovered that the attackers are using a list of established IP addresses of SSH server daemons exposed to the Internet to significantly reduce the time it takes to find potential target systems.