Definition of Honeypots
Defined as: A trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.
Honeypots
Honeynet: Recent Attacks Review
This paper is an attempt to informally summarize what was happening to our exposed Linux machine connected to the Internet. The moment is even more appropriate since we are now changing the platform of the victim machine. Our Linux honeypot survived dozens, if not more, system compromises including several massive outbound denial-of-service attacks (all blocked by the firewall!), major system vulnerability scanning and serving as an Internet Relay Chat (IRC) server for Romanian hackers - and other exciting stuff.
Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the Honeynet Project.
Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot
A complete analysis of an attack on a RedHat Linux 6.2 honeypot. This is the first time I have decided to write an incident analysis of what happened, mainly to inform people of the risk that default installations of any operating system pose and also so I can better understand exactly what happened. Putting things down on paper seems to clarify things better than trying to work everything out in your head.
Honeypots - Definitions and Value of Honeypots...updated!
This is a general definition covering all the different manifestations of honeypots. We will be discussing in this paper different examples of honeypots and their value to security. All will fall under the definition we use above; their value lies in the bad guys interacting with them. Conceptually almost all honeypots work the same. They are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that gives honeypots their tremendous advantages (and disadvantages). I highlight these below.
Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. In the first paper, we introduced honeypots and discussed what they are, their value, and the different types of honeypots. We then went into detail about Honeyd. In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
Open Source Honeypots: Learning with Honeyd
Brief introduction to the concepts of honeypots and their value, plus detail on how one such honeypot - Honeyd - works and how to deploy one.
GenII Data Control for Honeynets: Understanding and Building Snort-Inline Data Control
Data control is a must if you are running high-interaction honeypots. The purpose of data control is to protect us from upstream liability. As we learned from reading this paper, data control is somewhat of a skill that can only be learned through real world experience. GenI data control's alert.sh script is easy to deploy and configure, making it perfect for those just getting started with high-interaction honeypots. The limitation of GenI data control is that it operates one notch up in the stack at Layer 3, making it easier to detect by our enemy. Also, GenI data control only works in connection limit mode. GenII data control operates at Layer 2, making it difficult to detect, and offers us more options to capture our enemy's motives, tools, and tactics. We can build our GenII data control system for connection limiting, or we can QUEUE the packets for Snort, where a verdict can be set to determine the fate of each packet based on how the Snort signatures are implemented.
Know Your Enemy
The tools and methodology of the most common black-hat threat on the Internet, the Script Kiddie. By understanding how they attack and what they are looking for, you can better protect your systems and network.
Know Your Enemy II
This article is the second of a series of articles. In the first article, Know Your Enemy, we covered the tools and methodologies of the Script Kiddie. Specifically, how they probe for vulnerabilities and then attack. The third paper covers what script kiddies do once they gain root. Specifically, how they cover their tracks and what they do next. This, the second paper, will cover how to track their movements. Just as in the military, you want to track the bad guys and know what they are doing. We will cover what you can, and cannot, determine with your system logs. You may be able to determine if you are being probed, what you were being probed for, what tools were used, and if they were successful. The examples provided here focus on Linux, but can apply to almost any flavor of Unix. Keep in mind, there is no guaranteed way to track the enemy's every step. However, this article is a good place to start.
Know Your Enemy III
This article is the third of a series focusing on the script kiddie. The first paper focuses on how script kiddies probe for, identify, and exploit vulnerabilities. The second paper focuses on how you can detect these attempts, identify what tools they are using and what vulnerabilities they are looking for. This paper, the third, focuses on what happens once they gain root. Specifically, how they cover their tracks and what they do next.