Infosec Writers: Detecting Botnets Using a Low Interaction Honeypot
Mar 28, 2006, 12:15 (0 Talkback[s])
(Other stories by Jamie Riden)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"This paper describes a simple honeypot using PHP and emulating
several vulnerabilities in Mambo and Awstats. We show the mechanism
used to 'compromise' the server and to download further malware.
This honeypot is 'fail-safe' in that when left unattended, the
default action is to do nothing – though if the operator is
present, exploitation attempts can be investigated. IP addresses
and other details have been obfuscated in this version..."