Computer Network Security. Author: Lluís Pérez Vidal. Linux Networks course, ICE-UPC. Honeypots: “To a honeycomb of rich honey...”


1 Computer Network Security. Author: Lluís Pérez Vidal. Linux Networks course, ICE-UPC. Honeypots: “To a honeycomb of rich honey...”

2 The honeypot
This chapter is part of http://www.fp6-noah.org/events/workshop_tnc06/noah_workshop_markatos_v1.ppt (www.fp6-noah.org/). You can refer to it for more information.

3 What is a honeypot?
An “undercover” computer
– which has no ordinary users
– which provides no regular service
  (or a few selected services if needed)
– which just waits to be attacked…
Its value lies in being compromised
– or in being exploited, scanned, etc.
Honeypots are an “easy” target
– but heavily monitored ones
If attacked, they log as much information as possible

4 When was a honeypot first used?
First widely publicized use: The Cuckoo’s Egg
– by Cliff Stoll
Cliff Stoll noticed a 75-cent accounting error in the computer he managed
– This led Cliff to discover an intruder named “Hunter”
– Instead of shutting “Hunter” out, Cliff started to study him
– He connected the modem lines to a printer
– He created dummy “top-secret” directories to “lure” “Hunter” into coming back
– He was paged every time “Hunter” was in
– He traced “Hunter” to a network of hackers
  paid in cash and drugs and reporting directly to the KGB

5 How do we receive attacks?
Three types of sensors:
– Traditional honeypots that wait to be attacked
– Collaborating organizations that install low-interaction honeypots and forward “interesting” attacks to NoAH core
– Honey@Home: a “screensaver” that forwards all unwanted traffic to NoAH
Unwanted traffic is received at
– unused IP addresses
– unused TCP/UDP ports

6 The NoAH architecture

7 Traditional Honeypots
Low-interaction honeypot listening to a single IP address of the dark space
– Filters out unwanted traffic
  which is not part of an attack
High-interaction honeypots for providing responses

8 How about limited address space?
The number of “traditional” honeypots is usually limited; they cover a small percentage of the IP address space
Problem: they may see an attack too late
Solution: monitor dark space
What is dark IP address space?
– Unused IP addresses
– IP addresses not associated with any computer
– Some organizations (e.g. universities) have lots of dark IP address space
Assign portions of dark space to this limited number of honeypots
Funnel: map the dark space to a single or a few IP addresses

9 Funneling
(Figure; addresses shown: 11.12.15.1, 11.12.15.2, 11.12.15.3, 11.12.15.4, 11.12.15.5)
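
An added example, not part of the original slides: a minimal sketch of the dark-space classification (unused addresses, unused ports) and the funnel mapping described in slides 5, 8 and 9. The monitored prefix, the live-host table, the honeypot addresses and the modulo mapping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All addresses are constructed documentation ranges (assumptions).
MONITORED = ipaddress.ip_network("192.0.2.0/24")
# Hosts that really exist, with the services they legitimately offer.
LIVE = {
    ipaddress.ip_address("192.0.2.10"): {("tcp", 22), ("tcp", 443)},
    ipaddress.ip_address("192.0.2.20"): {("udp", 53)},
}
# The "single or a few" addresses the dark space is funneled onto.
HONEYPOTS = [ipaddress.ip_address("198.51.100.5"),
             ipaddress.ip_address("198.51.100.6")]


def classify(dst, proto, port):
    """Label a destination: outside, production, dark-port or dark-ip."""
    dst = ipaddress.ip_address(dst)
    if dst not in MONITORED:
        return "outside"
    if dst not in LIVE:
        return "dark-ip"          # address not associated with any computer
    return "production" if (proto, port) in LIVE[dst] else "dark-port"


def funnel(dst):
    """Map a dark destination onto one honeypot address, stably per address."""
    return HONEYPOTS[int(ipaddress.ip_address(dst)) % len(HONEYPOTS)]


def process(packets):
    """Return (forwarding decisions, dark destinations touched per source)."""
    decisions, touched = [], defaultdict(set)
    for src, dst, proto, port in packets:
        kind = classify(dst, proto, port)
        if kind in ("dark-ip", "dark-port"):
            decisions.append((src, dst, kind, str(funnel(dst))))
            touched[src].add(dst)
    return decisions, {s: len(d) for s, d in touched.items()}


# Constructed sample traffic: (source, destination, protocol, port).
SAMPLE = [
    ("203.0.113.7", "192.0.2.10", "tcp", 443),  # normal service, ignored
    ("203.0.113.7", "192.0.2.10", "tcp", 23),   # unused port on a live host
    ("203.0.113.9", "192.0.2.77", "tcp", 445),  # unused address
    ("203.0.113.9", "192.0.2.78", "tcp", 445),  # unused address
]
```

A source that touches many distinct dark destinations, like the second source in the sample, is the kind of traffic such a sensor would forward as “interesting”.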

10 Monitoring Dark Space of Cooperating Organizations
So, where are we going to find the dark space?
Collaborating organizations
– Organizations may participate in NoAH but lack the ability to maintain a honeypot
– Packets targeting an organization’s dark space are tunneled to the honeypots of NoAH core

11 The NoAH architecture http://www.honeyathome.org

12 Honey@Home
Honey@Home: a honeypot daemon
– Runs at home (or at a small office)
– Runs in the background, sending all the traffic from the dark space to NoAH core for processing
– Dark space:
  unused IP addresses
  internal IP addresses
  unused ports (or a selected subset of them)
– Attackers think they communicate with a home computer but actually talk with honeypots at NoAH core

13 Honey@Home
Empower the people
– to help us fight cyberattacks
  with minimal installation overhead
  minimal runtime overhead
Appropriate for small organizations
– who want to contribute
– but do not have the technical knowledge
  to install/maintain a full-fledged honeypot

14 Honey@Home illustrated

