Know Your Enemy: Worms at War This paper was born out of pure curiosity. Our Honeynet was being pounded with UDP port 137 and TCP port 139 scans. The network was getting scanned 5-10 times a day on these ports; something was up. The goal was to learn what these scans were all about. What was out in the Internet causing all of this activity? Based on the ports, we assumed that the scans were looking for Windows-based vulnerabilities. The plan was to set up a Win98 honeypot, sit back and wait. We didn't have to wait long.
By Honeynet Project, 04/22/2004
|
|
Intelligence Gathering: Watching a Honeypot at Work The purpose of this article is to share with the security community the data I collected from my honeypot. There are many papers available that explain how to set up honeypots and the risks one takes when running a honeypot. While this paper will briefly touch upon these topics, it is written for people who want to understand what data a honeypot will provide them. This discussion will include the attacker's recon, the attack, the attempted cover-up, and the reason for the attack on the honeypot.
By Toby Miller, 04/22/2004
|
|
Honeypots: Simple, Cost-Effective Detection This is the fourth article in an ongoing series examining honeypots. In this paper we take a step back for a moment and discuss the value of honeypot technologies in general. Why would you want to deploy production honeypots in your organization? How can a honeypot help security professionals to do their job more effectively?
By Lance Spitzner, 04/22/2004
|
|
Honeypots: Are They Illegal? The purpose of this paper is to address the most commonly asked issues. The concepts covered here will be focusing on US statutes, not international, mainly because I'm only familiar with US law. However, these concepts most likely also play some role in the international community. Also, this paper assumes you are familiar with the definition of a honeypot. If you are new to honeypots, I recommend you first read the paper Honeypots: Definitions and Values.
By Lance Spitzner, 04/22/2004
|
|
Fighting Internet Worms With Honeypots As computer attacks evolve, new responses are essential. This paper will evaluate the usefulness of using honeypots to fight Internet worms. The first part of the article will discuss some background information on worms and their ubiquity, then move on to discuss some of the interesting interactive functions of honeypots. Finally, we will study how a honeypot framework can be used to fight off Internet worms and even perform a counterattack, before we conclude with some future perspectives.
By Laurent Oudot, 04/22/2004
|
|
Honeypotting with VMware - basics VMware is essentially a set of software products; the workstation version installs onto Windows or Linux and allows you to run numerous Intel-based operating systems on top of it. There is also a server line of products aimed at allowing people to run large numbers of operating systems on a single physical machine, one version of which provides its own base operating system. Essentially this allows you to run multiple Intel-based operating systems on a single physical machine. This alone would be reason enough for many honeypot administrators to celebrate, but there are other reasons as well to use VMware that will become evident. VMware is capable of running all versions of Windows, Linux, most of the BSD family, Solaris for Intel, and Novell NetWare; a number of other operating systems are unsupported but can be made to work.
By Kurt Seifried, 04/22/2004
|
|
Design Of A Default Redhat Server 6.2 Honeypot The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the Honeynet Project.
By Stephen Holcroft, 04/22/2004
|
|
Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot My previous three honeypots had all been RedHat 6.2 default server installs and had all been hacked using exploits in rpc.statd or wuftpd. RedHat 6.2 seems to be a reasonable representation of the operating systems that exist out on the internet at the moment; although 6.2 is pretty dated, there are still a lot of copies floating around, as I found out when I asked a colleague for a copy of RedHat. This is going to be my last Redhat 6.2 honeypot; after this I will move onto pastures new, perhaps a Windows machine or a later version of Redhat.
By Stephen Holcroft, 04/22/2004
|
|
Honeypot + Honeypot = Honeynet What do you get when you place two (or more) honeypots into a network? The answer is a honeynet. The idea of creating a network of lures was the seminal idea behind the Honeynet Project (http://project.honeynet.org), a non-profit, IT security research group started in 1999.
By Eric Carr, 04/22/2004
|
|
Hands in the Honeypot The Honeynet Project was started for the purpose of recording the actions of attackers. The results were quite surprising. According to the findings of the Honeynet Project, a random computer on the Internet is scanned dozens of times a day. The time before someone successfully hacks a default install of RedHat 6.2 server is less than seventy-two hours. A home computer with Windows 98 and file sharing enabled was hacked five times in four days. The fastest time for a server to be hacked is fifteen minutes after it was plugged into the network. The findings of the project have made the security community stand up and take notice. Attackers will not go away on their own: We need to research their tactics, motives, and tools to protect us and our organizations.
04/15/2004