Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the Honeynet Project.
Honeypotting with VMware - basics
VMware is essentially a set of software products. The workstation version installs onto Windows or Linux and allows you to run numerous Intel-based operating systems on top of it. There is also a server line of products aimed at allowing people to run large numbers of operating systems on a single physical machine, one version of which provides its own base operating system. Essentially this allows you to run multiple Intel-based operating systems on a single physical machine. This alone would be reason enough for many honeypot administrators to celebrate, but there are other reasons as well to use VMware that will become evident. VMware is capable of running all versions of Windows, Linux, most of the BSD family, Solaris for Intel, and Novell NetWare; a number of other operating systems are unsupported but can be made to work.
Fighting Internet Worms With Honeypots
As computer attacks evolve, new responses are essential. This paper will evaluate the usefulness of using honeypots to fight Internet worms. The first part of the article will discuss some background information on worms and their ubiquity, then move on to discuss some of the interesting interactive functions of honeypots. Finally, we will study how a honeypot framework can be used to fight off Internet worms and even perform a counterattack, before we conclude with some future perspectives.
Honeypots: Are They Illegal?
The purpose of this paper is to address the most commonly asked issues. The concepts covered here will be focusing on US statutes, not international, mainly because I'm only familiar with US law. However, these concepts most likely also play some role in the international community. Also, this paper assumes you are familiar with the definition of a honeypot. If you are new to honeypots, I recommend you first read the paper Honeypots: Definitions and Values.
Honeypots: Simple, Cost-Effective Detection
This is the fourth article in an ongoing series examining honeypots. In this paper we take a step back for a moment and discuss the value of honeypot technologies in general. Why would you want to deploy production honeypots in your organization? How can a honeypot help security professionals to do their job more effectively?
Watching a Honeypot at Work
The purpose of this article is to share with the security community the data I collected from my honeypot. There are many papers available that explain how to set up honeypots and the risks one takes when running a honeypot. While this paper will briefly touch upon these topics, it is written for people who want to understand what data a honeypot will provide them. This discussion will include the attacker's recon, the attack, the attempted cover-up, and the reason for the attack on the honeypot.
Know Your Enemy: Worms at War
This paper was born out of pure curiosity. Our Honeynet was being pounded with UDP port 137 and TCP port 139 scans. The network was getting scanned 5-10 times a day on these ports; something was up. The goal was to learn what these scans were all about. What was out on the Internet causing all of this activity? Based on the ports, we assumed that the scans were looking for Windows-based vulnerabilities. The plan was to set up a Win98 honeypot, sit back and wait. We didn't have to wait long.
Know Your Enemy: Building Virtual Honeynets
Virtual Honeynets take the concept of honeynet technologies and implement them on a single system. Virtual honeynets are not a new concept; instead they take the existing concept of Honeynets and implement them in a different fashion. This implementation has its unique advantages and disadvantages over traditional honeynets. The advantages are reduced cost and easier management, as everything is combined on a single system. However, this simplicity comes at a cost. First, you are limited in what types of operating system you can deploy by the hardware and virtualization software. Second, virtual honeynets come with a risk, specifically that an attacker can break out of the virtualization software and take over the Honeynet system, bypassing data control and data capture mechanisms.
Know Your Enemy: Honeynets
The purpose of this paper is to discuss what a Honeynet is, its value to the security community, how it works, and the risks/issues involved. It is hoped that the security community can use the techniques discussed here to learn for themselves about the blackhat community. It is also hoped that the security community can take the methods and techniques discussed here and improve them, thereby improving the effectiveness of Honeynets and our ability to learn more about the enemy. However, we want to be sure that organizations are also aware of the many risks and issues involved with a Honeynet.
Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. In the first paper, we introduced honeypots and discussed what they are, their value, and the different types of honeypots. We then went into detail about Honeyd. In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
Open Source Honeypots: Learning with Honeyd
A honeypot is a security resource whose value lies in being probed, attacked, or compromised. The key point of this definition is that honeypots are not limited to solving only one problem; they have a number of different applications. To better understand the value of honeypots, we can break them down into two different categories: production and research. Production honeypots are used to protect your network; they directly help secure your organization. Research honeypots are different
Problems and Challenges with Honeypots
For the past 18 months we have seen a tremendous growth in honeypot technologies. Everything from OpenSource solutions such as Honeyd and Honeynets to commercial offerings such as KFSensor is commonly available. However, as with any relatively new technology, there are still many challenges and problems. In this paper we give an overview of several of these problems and look at possible approaches to solving them. By identifying these problems now, we can hope to make honeypots a stronger technology for the future. The three problems we discuss below are identifying honeypots, exploiting honeypots, and attacker clientele. It is assumed you have already read and understood the concepts previously covered in Honeypots: Definitions and Values.
Specter: a Commercial Honeypot Solution for Windows
This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter.
The Motives and Psychology of the Black-hat Community
This information was obtained through the use of a honeynet. A honeynet is a network of various honeypots, designed to be compromised by the black-hat community. While some honeypots are used to divert the attention of attackers from legitimate systems, the purpose of a honeynet is to learn the tools and tactics of the black-hat community. Most of the information provided in this document has been sanitized. Specifically, user identities and passwords, credit card numbers, and most of the system names involved have all been changed. However, the actual technical tools and the chat sessions themselves have not been sanitized. All this information was forwarded to both CERT and the FBI before being released. Also, over 370 notifications were sent out to administrators of systems we believed were compromised.