Infosec Writers: Detecting Botnets Using a Low Interaction Honeypot

"This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version..."

Complete Story

Download xpdf

Related Stories:

• NewsForge: Crackers and Honey: An Irresistible Combination for Network Security(Nov 15, 2004)
• NewsForge: 'Know Your Enemy': Everything You Need to Know About Honeypots(Sep 28, 2004)
• LinuxSecurity.com: Know Your Enemy: Honeynets(Apr 28, 2001)
• ZDNet: Building Your Own Honeypot(Nov 11, 2000)