Honeypots: Not Just for Pooh
By: Miranda Alicia Bryant
COSC5010 – Jim Ward
Spring 2006

A Thought…
“All Warfare is based on Deception.” Sun Tzu

Honeypots Defined:
A honeypot is defined as “A resource whose value is being attacked or compromised. This means, that a honeypot is expected to get probed, attacked, and potentially exploited.” (Spitzner)

Categories of Honeypots
- Low Interaction: simple, basic services only
- Medium Interaction: more services, database or server
- High Interaction: complicated, entire OS available

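An added example, not part of the original slides: a low-interaction honeypot in the sense of the first category, offering one fake service banner and logging whatever a client sends first. The banner text, port 2525, the 256-byte capture cap and all function names are assumptions chosen for illustration.

```python
import json
import socket
import time

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed fake service banner
MAX_CAPTURE = 256  # assumed cap: record only the first bytes of each probe


def handle_probe(conn, peer, log):
    """Send the fake banner, record the client's first bytes, then hang up.

    The received bytes are only stored; nothing is parsed or executed.
    """
    conn.settimeout(2.0)
    data = b""
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_CAPTURE)
    except OSError:  # timeouts and resets are expected from scanners
        pass
    finally:
        conn.close()
    event = {
        "ts": time.time(),
        "src": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        "payload": data.decode("latin-1"),  # lossless byte-to-text mapping
    }
    log.append(event)
    return event


def serve(host="127.0.0.1", port=2525, log=None, max_probes=None):
    """Accept connections one at a time and print one JSON line per probe."""
    log = [] if log is None else log
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        seen = 0
        while max_probes is None or seen < max_probes:
            conn, peer = srv.accept()
            print(json.dumps(handle_probe(conn, peer, log)))
            seen += 1
    return log


if __name__ == "__main__":
    serve()
```

Because nothing legitimate should ever connect to this port, every logged event is worth reviewing; the capture cap keeps the amount of collected data small and predictable.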
Why use them?
- Research tool
- Hide main machines in a web of “fake” ones
- Part of the security software

Hidden Dangers
- Zombie Machines
  - Major danger with High Interaction
- More Fodder for Black Hats
  - Learn as much as security pros from reports
- Ethical Dangers for users
  - How much information is collected?

Legal Issues
- Wiretap Act
  - Loopholes
  - Governs phone lines
- Pen/Trap Statute
  - Realm of collection of information that pertains to the world outside the phone lines

The Honeynet Project
- www.honeynet.org
- Information collected
- “To learn the tools, tactics and motives involved in computer network attacks, and share the lessons learned.”
- Three goals: Awareness, Information, and Tools.

Examples of Honeypot Software
- Low Interaction:
  - LaBrea Tarpit
  - Bubblegum
- Medium Interaction:
  - Mwcollect
  - Honeybot
- High Interaction:
  - Sombria
  - Bait n Switch

References
- Honeynet: www.honeynet.org
- LaBrea Tarpit: http://labrea.sourceforge.net/
- BubbleGum: http://www.proxypot.org/
- Honeybot: http://www.atomicsoftwaresolutions.com/honeybot.php
- MWCollect: http://www.mwcollect.org/
- Sombria: http://www.lac.co.jp/business/sns/intelligence/sombria_e.html
- BaitnSwitch: http://baitnswitch.sourceforge.net/