Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization Academic Article uri icon


  • In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20% of total network attacks, making them the most prevalent type of attack ex- aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of password queries …

publication date

  • May 29, 2018