Linux Today: Linux News On Internet Time.

LinuxSecurity: Days of the Honeynet: Attacks, Tools, Incidents

May 05, 2003, 13:00
(Other stories by Anton Chuvakin)

"Among other benefits, running a honeynet makes one acutely aware of 'what is going on' out there. While placing a network IDS outside one's firewall might also provide a similar flood of alerts, a honeypot provides a unique perspective on what will be going on when a related server is compromised and used by the intruders.

"As a result of our research, many gigabytes of network traffic dumps are piling up on the hard drives, databases are filling with alerts, rootkits and exploit-pack collections are growing.

"This paper is an attempt to informally summarize what was happening to our exposed Linux machine connected to the Internet. The moment is even more appropriate since we are now changing the platform of the victim machine. Our Linux honeypot survived dozens, if not more, system compromises including several massive outbound denial-of-service attacks (all blocked by the firewall!), major system vulnerability scanning and serving as an Internet Relay Chat (IRC) server for Romanian hackers--and other exciting stuff..."
