Honey Pot

HONEYPOTS
TRACKING HACKERS
By Nishesh
Bakshi
A WORD ON SECURITY
“The secret to a good defense

is good offense”
- Anonymous
Brief Background
• Who is a Hacker?
– A Hacker is a person who tries to gain

unauthorized access to a network.
How a hacker affect a server?
• Steals confidential data.

• Imposes someone else.
• Causes loss of resources.
• Sometimes causes even hardware
loss.
What are the security issues?
• To provide secure connection

between the client and the server.
• E.g. email service provided by
various web-sites.
How Hackers work
• Gathers information about the server

• Chooses the weakest link
• Start exploiting that link
How Honeypots work.
Definition of Honeypots
“ A honeypot is a security resource

whose value is in being probed,
attacked or compromised “
HONEYPOT ?
• HoneyPots are not a single tool but a

highly flexible technology.
• HoneyPots come in variety of shapes

and sizes.
everything from a simple windows system emulating a few services to an
entire network of production systems waiting to be hacked !!!
• HoneyPots have a variety of values.

everything from a burglar alarm that detects an intruder to a research tool
that can be used to study the motives of the black hat community !!!
QUESTIONS ON HPs ?
• What are the different values this unique

technology can have? What are the different
HoneyPot technologies available today?
• What the advantages and disadvantages of using
HoneyPots?
• Are there any deployment and maintenance
issues associated with HoneyPots?
• Are all HoneyPots offensive in nature?
IS THIS A HONEYPOT ?
On a network, install a firewall which

restricts all outbound traffic.
Attackers can get into the network
but not use this network to spread
out the infection.
CONCERNS
(THE “WHAT-IF” FACTOR)
• What if the attacker is lured into a

HoneyPot? He/She will be infuriated
by the deception and retaliate
against the organisation.
• What if the HoneyPot is

misconfigured?
THEN WHY USE HONEYPOTS ?
• At the end of year 2000, the life expectancy of a default

installation of Red Hat 6.2 was less than 72 hrs !
• One of the fastest recorded times a HoneyPot was

compromised was 15 min. This means that within 15 min of
being connected to the internet, the system was found,
probed, attacked, and successfully exploited by the
attacker! The record for capturing a worm was 90 sec !!
• During an 11 month period (Apr 2000 – Mar 2001), there

was a 100% increase in IDS alerts based on Snort.
• In the beginning of 2002, a home network was scanned on

an average by three different systems a day.
• The year 2001 saw a 100% increase in reported incidents

from 21,756 to 52,658 reported attacks.
WHAT CAN HONEYPOTS DO ?
• Can they capture known attacks ?
• Can they detect unknown attacks ?

ADVANTAGES OF USING HONEYPOTS
• Data Value
HoneyPots collect very little data, but they collect is
essentially of very high value.
HoneyNet project research group collects less than 1 MB
data per day !
• Resources
HoneyPots typically donot have problems of resource
exhaustion.
• Simplicity
No fancy algorithms to develop.
No signature databases to maintain.
No rule-bases to misconfigure !
DISADVANTAGES OF HONEYPOTS
• Narrow field of view

HoneyPots only see the activity directed against
them.
• Fingerprinting
An incorrectly implemented HoneyPot can
identify itself and others of the same kind.
CLASSIFICATION OF HONEYPOTS
(1/2)
[Based on level of INTERACTION]

Are you hoping to catch the attackers in
action and learn about their tools and
tactics?
OR
Are you interested in detecting unauthorized
activity ?
OR
Are you hoping to capture latest worm for
analysis ?
CLASSIFICATION OF HONEYPOTS
(2/2)
LEVEL OF WORK TO INSTALL WORK TO DEPLOY INFORMATION LEVEL OF
INTERACTION AND CONFIGURE AND MAINTAIN GATHERING RISK
Low Easy Easy Limited Low
Medium Involved Involved Variable Medium
High Difficult Difficult Extensive High

Conclusion
• Honeypots are good resources for

tracing hackers.
• The value of Honeypots is in being
Hacked.
• Honeypots have their own pros and
cons and this technology is still
developing.
REFERENCES
• WWW.SNORT.ORG
• WWW.HACKINGEXPOSED.COM
• WWW.INFOSECWRITERS.COM
• WWW.SECURITYFOCUS.COM
• WWW.SANS.ORG
• WWW.SPECTER.COM

Honey Pot

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Honey Pot

Transféré par

Droits d'auteur :

Formats disponibles

HONEYPOTS

“The secret to a good defense

– A Hacker is a person who tries to gain

• Steals confidential data.

• To provide secure connection

• Gathers information about the server

“ A honeypot is a security resource

• HoneyPots are not a single tool but a

• HoneyPots come in variety of shapes

• HoneyPots have a variety of values.

• What are the different values this unique

On a network, install a firewall which

(THE “WHAT-IF” FACTOR)

• What if the attacker is lured into a

• What if the HoneyPot is

• At the end of year 2000, the life expectancy of a default

• One of the fastest recorded times a HoneyPot was

• During an 11 month period (Apr 2000 – Mar 2001), there

• In the beginning of 2002, a home network was scanned on

• The year 2001 saw a 100% increase in reported incidents

• Can they capture known attacks ?

• Can they detect unknown attacks ?

• Narrow field of view

[Based on level of INTERACTION]

LEVEL OF WORK TO INSTALL WORK TO DEPLOY INFORMATION LEVEL OF

INTERACTION AND CONFIGURE AND MAINTAIN GATHERING RISK

Low Easy Easy Limited Low

Medium Involved Involved Variable Medium

High Difficult Difficult Extensive High

• Honeypots are good resources for

Vous aimerez peut-être aussi