SearchSecurity.com Security Dashboard: RSS feed of honeypot and honeynet papers

GenII Data Control for Honeynets: Understanding and Building Snort-Inline Data Control
Data control is a must if you are running high-interaction honeypots. The purpose of data control is to protect us from upstream liability. As we learned from reading this paper, data control is somewhat of a skill that can only be learned through real-world experience. GenI data control's alert.sh script is easy to deploy and configure, making it perfect for those just getting started with high-interaction honeypots. The limitation of GenI data control is that it operates one notch up in the stack, at Layer 3, making it easier for our enemy to detect. Also, GenI data control only works in connection-limit mode. GenII data control operates at Layer 2, making it difficult to detect, and offers us more options to capture our enemy's motives, tools, and tactics. We can build our GenII data control system for connection limiting, or we can QUEUE-enable the packets for Snort, where a verdict can be set to determine the fate of each packet based on how the Snort signatures are implemented.
03/22/2004

Open Source Honeypots: Learning with Honeyd
A brief introduction to the concepts of honeypots and their value, plus detail on how one such honeypot, Honeyd, works and how to deploy one.
03/22/2004

Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. In the first paper, we introduced honeypots and discussed what they are, their value, and the different types of honeypots. We then went into detail about Honeyd. In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
03/22/2004

Honeypots - Definitions and Value of Honeypots...updated!
This is a general definition covering all the different manifestations of honeypots. We will be discussing in this paper different examples of honeypots and their value to security. All will fall under the definition we use above: their value lies in the bad guys interacting with them. Conceptually, almost all honeypots work the same. They are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that gives honeypots their tremendous advantages (and disadvantages). I highlight these below.
03/22/2004

Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot
A complete analysis of an attack on a RedHat Linux 6.2 honeypot. This is the first time I have decided to write an incident analysis of what happened, mainly to inform people of the risk that default installations of any operating system pose and also so I can better understand exactly what happened. Putting things down on paper seems to clarify things better than trying to work everything out in your head.
03/22/2004

Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the Honeynet Project.
03/22/2004

Honeynet: Recent Attacks Review
This paper is an attempt to informally summarize what was happening to our exposed Linux machine connected to the Internet. The moment is even more appropriate since we are now changing the platform of the victim machine. Our Linux honeypot survived dozens, if not more, system compromises, including several massive outbound denial-of-service attacks (all blocked by the firewall!), major system vulnerability scanning, and serving as an Internet Relay Chat (IRC) server for Romanian hackers, and other exciting stuff.
03/22/2004

If you go down to the Internet today - Deceptive Honeypots
This is preliminary research into the effectiveness of deceptive defensive measures, in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap. The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.
03/22/2004

Fun things to do with a Honeypot
Fun things to do with honeypots. Discussed are techniques that can be used to create an environment that keeps a hacker's interest piqued in your honeypot, and how to extract the maximum amount of data from them.
03/22/2004

Know Your Enemy: Sebek2
A detailed look into one of the Project's most powerful tools for capturing all of an attacker's activity on a honeypot, even encrypted activity such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, and how to analyze data recovered by Sebek.
03/22/2004