Packet captures of login bruteforcing attacks against RabbitMQ MQTT broker via IEEE 802.11p and LTE links

Pericle Perazzo
2025-01-01

Abstract

We measured and analyzed the throughput of brute-force login attacks against an MQTT broker (RabbitMQ) to assess how efficient these attacks can be. Throughput was measured as the number of passwords per second. To perform the attacks, we used Ncrack, a command-line tool that attempts to log in to a target service using a list of tentative credentials provided either via a file or directly in the command. As the password list, we used the widespread “RockYou” list, a well-known password dictionary file containing millions of real-world passwords, which originated from a 2009 data breach of the social application company RockYou. The attacks were conducted in several ways, simulating different scenarios. First, they were executed locally, simulating the case where an attacker has direct access to the server's local network. In this case, as the number of passwords in the file used for the attacks was varied, the throughput remained fairly constant and high, as expected. Other scenarios were then analyzed. Because the MQTT protocol is widely used in vehicular networks, we simulated the network performance of such environments using the tc tool available on Linux systems and conducted the attacks in that context. For this analysis, two layer-2 protocols widely used in vehicular networks were considered: IEEE 802.11p and LTE. The link characteristics of both protocols were simulated, recreating the scenario in which an attacker has access to one of these networks, and the attacks were carried out as in the previous case. Unlike the first case, however, the total number of passwords was kept constant while the packet loss ratio was varied, to study how the attack throughput changed accordingly.
These simulations confirmed that attacks through an IEEE 802.11p or LTE link are significantly less efficient than those carried out locally, with a throughput an order of magnitude lower.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1318387