Definition of Honeypots
Defined as: A trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.
Honeypots
Know Your Enemy: Honeynets
This paper focuses on what a honeynet is, its value to the security community, how it works, and the risks/issues involved. This paper has been updated to include GenI, GenII, and Virtual Honeynet technologies.
How To Build A Honeypot
This article is a follow-up to the "Know Your Enemy" series. Many people from the Internet community asked me how I was able to track black-hats in the act of probing for and compromising a system. This paper discusses just that. Here I describe how I built, implemented, and monitored a honeypot network designed specifically to learn how black-hats work.
Creating a Virtual HoneyNet
Creating a virtual honeynet is no more than configuring a number of virtual networked systems to log all activity heading to them, while looking as generic as possible. Don't worry if you feel you can't afford the resources needed to run the honeynet: virtual honeynets are cheap, powerful and easy to admin. Throughout this paper I'll be trying to put in as much of my experience as possible to make it easier for you, but before we start there are a few points we have to understand.
Exposing the Underground: Adventures of an Open Proxy Server
This paper discusses the abuse of misconfigured HTTP proxy servers, taking a detailed look at the types of traffic that flow through this underground network. Also discussed is the use of a "honeyproxy", a server designed to look like a misconfigured HTTP proxy. Using such a tool we can spy on the Internet underground without the need for a full-blown honeypot.
Honey Pots and Honey Nets - Security through Deception
This article describes a security tool and concept known as a Honey Pot and Honeynet. What makes this security tool different is that Honey Pots and Honeynets are digital network bait, and through deception, they are designed to actually attract intruders. This paper expands on the work of two SANS GSEC research papers: 'Honey Pot Systems Explained' - by Loras Even and 'Honey Pots and Intrusion' - by David Klug.
Installing, Configuring, and Testing The Deception Tool Kit on Mac OS X
This paper will introduce a Honey Pot known as the Deception Tool Kit (DTK) written by Fred Cohen. It will give an overview of what the DTK is, where to obtain it, how it works, and offers advice about when it should be deployed. Out of the box, the DTK is readily installable on most Unix-based operating systems including Linux, but has no installation support for Apple's new operating system Mac OS X (OSX). For more information on OS X see Apple's website at http://www.apple.com/macosx/ (Apple). The prerequisites and changes that are necessary to install and run the DTK on OSX will be outlined for the reader, showing how it differs from a standard Unix system in the context of using this product. The goal of this paper is to facilitate the installation of the DTK by a novice user onto any Mac OS X machine. After it is installed, we will set up the DTK to run on port 8080 and provide a deception on that port in response to a threat.
Turning the tables: Loadable Kernel Module Rootkits deployed in a honeypot environment
Honeypots are one of the latest technologies available to track and monitor hackers and Internet attackers. They can be generally divided into two different areas, production and research honeypots. Honeypots can also be classified by the amount of system interaction they provide to an attacker and therefore the risk that is involved. First, a very simple, low-interaction, low-risk honeypot, Back Officer Friendly, is discussed and tested. Next, a new generation of honeypot techniques is discussed, utilizing the advantages of loadable kernel modules for tracking hackers. Finally, an overview of the Sebek honeypot system will be discussed, focusing on the functionality, advantages and disadvantages of such a system.
Hands in the Honeypot
The Honeynet Project was started for the purpose of recording the actions of attackers. The results were quite surprising. According to the findings of the Honeynet Project, a random computer on the Internet is scanned dozens of times a day. The time before someone successfully hacks a default install of RedHat 6.2 server is less than seventy-two hours. A home computer with Windows 98 and file sharing enabled was hacked five times in four days. The fastest time for a server to be hacked is fifteen minutes after it was plugged into the network. The findings of the project have made the security community stand up and take notice. Attackers will not go away on their own: we need to research their tactics, motives, and tools to protect us and our organizations.
Honeypot + Honeypot = Honeynet
What do you get when you place two (or more) honeypots into a network? The answer is a honeynet. The idea of creating a network of lures was the seminal idea behind the Honeynet Project (http://project.honeynet.org), a non-profit, IT security research group started in 1999.
Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot
My previous three honeypots had all been RedHat 6.2 default server installs and had all been hacked using exploits in rpc.statd or wuftpd. RedHat 6.2 seems to be a reasonable representation of the operating systems that exist out on the Internet at the moment; although 6.2 is pretty dated, there are still a lot of copies floating around, as I found out when I asked a colleague for a copy of RedHat. This is going to be my last RedHat 6.2 honeypot; after this I will move on to pastures new, perhaps a Windows machine or a later version of RedHat.