http://dx.doi.org/10.9708/jksci.2015.20.5.041

A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers  

Kang, Koo-Hong (Dept. of Information and Communication Engineering, Seowon University)
Abstract
To hide their identities, intruders on the Internet often attack targets indirectly, staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect stepping-stone behavior on a Linux server, where shell processes that were logged into remotely through interactive services try to connect to other hosts using the same interactive services, such as Telnet, Secure Shell (SSH), and rlogin. The proposed scheme can provide an absolute solution even for encrypted connections using SSH because it traces the system calls of all processes associated with the interactive service daemon and their child processes. We also implement the proposed technique in a CentOS 6.5 x86_64 environment using the ptrace system call and a simple shell script using the strace utility. Finally, the experimental results show that the proposed scheme works perfectly under the test scenarios.
Keywords
Stepping stone; Trace-back; Connection chain;
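
One way to implement the check the abstract describes, as an added example that is not the paper's own script: it scans a system-call trace of the interactive service daemon's descendants and reports outbound connections to the SSH, Telnet, and rlogin ports. The function names, the `strace -f -o FILE -e trace=execve,connect` input format, and the sample log lines are assumptions made for this illustration; only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not the paper's code. Input is assumed to be the output of
#   strace -f -o FILE -e trace=execve,connect -p <daemon pid>
# where every line starts with the PID of the process that made the call.

PORTS="22 23 513"   # SSH, Telnet, rlogin

# flag_stepping_stones [FILE] -> one line per hit: "pid program dst_ip:port"
flag_stepping_stones() {
    awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    # Remember the last program each PID successfully exec()ed.
    $2 ~ /^execve\(/ && / = 0$/ { split($2, q, "\""); prog[$1] = q[2]; next }
    $2 ~ /^connect\(/ && /sa_family=AF_INET,/ {
        # Keep completed connects and non-blocking ones still in progress;
        # failed attempts (e.g. ECONNREFUSED) are skipped here.
        if ($0 !~ / = 0$/ && $0 !~ /EINPROGRESS/) next
        if (!match($0, /htons\([0-9]+\)/)) next
        port = substr($0, RSTART + 6, RLENGTH - 7)
        if (!(port in watch)) next
        if (!match($0, /inet_addr\("[0-9.]+"\)/)) next
        ip = substr($0, RSTART + 11, RLENGTH - 13)
        print $1, (($1 in prog) ? prog[$1] : "?"), ip ":" port
    }' "${1:--}"
}

# Constructed sample trace (documentation addresses, made-up PIDs).
sample_log() {
    cat <<'EOF'
2150 execve("/bin/bash", ["-bash"], [/* 20 vars */]) = 0
2188 execve("/usr/bin/ssh", ["ssh", "203.0.113.9"], [/* 21 vars */]) = 0
2188 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
2188 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
2188 connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("203.0.113.9")}, 16) = 0
2201 execve("/usr/bin/telnet", ["telnet", "203.0.113.20"], [/* 21 vars */]) = 0
2201 connect(3, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("203.0.113.20")}, 16) = -1 EINPROGRESS (Operation now in progress)
2230 connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("203.0.113.30")}, 16) = -1 ECONNREFUSED (Connection refused)
EOF
}

sample_log | flag_stepping_stones
```

Because the trace is taken at the system-call level, the destination address and port are visible even when the session payload itself is encrypted.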