Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeypot as a Service Bedřich Košata • bedrich.kosata@nic.cz • 26 May 2016.

Published by奇 干 Modified over 7 years ago

Similar presentations

Presentation on theme: "Honeypot as a Service Bedřich Košata • bedrich.kosata@nic.cz • 26 May 2016."— Presentation transcript:

1 Honeypot as a Service Bedřich Košata • • 26 May 2016

2 What is a honeypot? Vulnerable machine used for observing attackers' behavior Usually simulated or sand-boxed to prevent actual harm Protocol specific (SSH, Telnet, SMTP, etc.)

3 Common honeypot pitfalls
Small numbers Fixed dedicated IP addresses get to “black-list” with time Imperfect simulation attackers can detect they are in a honeypot It would be great to put HPs on end users' machines

4 Project Turris 2000 custom routers given to people in Czech Republic
Used as a network security probe Users required to have public IPv4 address

5 Turris as honeypot Offers a large number of instances
Geographically and topologically diverse Some IP addresses change from time to time Interesting proof of concept Must not endanger users!

6 Honeypot as a Service

7 Honeypot as a Service Used for SSH Runs on a CZ.NIC maintained server
User just installs a simple program on the router One port/instance dedicated to each client Centrally maintained and improved helps fight against honeypot detection Logged sessions presented to users and centrally analyzed

8 SSH honeypot technology - server
based on Cowrie written in Python fork of the popular Kippo honeypot extended to support running many instances on different ports available on multiport

9 SSH honeypot technology - client
based on mitmproxy does a man-in-the-middle “attack” on the connection available on

10 Hosted SSH honeypot - 2016 Used by about 350 users
about 2000 sessions/day, 4 commands/session unique IP addresses since Jan 1, 2016

11 SSH honeypot results

12 SSH honeypot results attackers use exactly the same set of commands in the same order over 70 % are from Argentina (mostly Telefonica de Argentina) over 50 % have port 7547 open (DSL provisioning)

13 Results from SSH honeypot

14 Results from SSH honeypot

15 SSH honeypot results - 2016 55,000 wget commands
2,000 unique download URLs 676 unique download IPs

16 Future plans Will be offered to Turris Omnia users
Offer honeypot as a service to the public other routers, servers Move to open data release mode Create clients for common systems Improve data analysis methods Raise awareness of security situation on the Internet

17 Potential for cooperation
Cooperate on honeypot software Install and run independent honeypot services data exchange, debugging Create a federated system of honeypot services run in different countries by different hosts

18 Thank You Bedřich Košata •

Download ppt "Honeypot as a Service Bedřich Košata • bedrich.kosata@nic.cz • 26 May 2016."

Similar presentations

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
How does a network identify computers and transmissions?

How does a network identify computers and transmissions?
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.

Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.
Copyright 2010 Justin C. Klein Keane Using Kojoney Open Source Low Interaction Honeypot to Develop Defensive Strategies and Fingerprint Post-Compromise.

Copyright 2010 Justin C. Klein Keane Using Kojoney Open Source Low Interaction Honeypot to Develop Defensive Strategies and Fingerprint Post-Compromise.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
Www.BeyondSecurity.comwww.SecurITeam.com Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.

Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.
Improving Customer Satisfaction Through Advances in Remote Management Technology Greg Michel Product Manager Quintum Technologies Inc.

Improving Customer Satisfaction Through Advances in Remote Management Technology Greg Michel Product Manager Quintum Technologies Inc.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Chapter 10 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain how the functions of the application layer,

Chapter 10 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain how the functions of the application layer,
Network Management System The Concept –From a central computer, network administrator can manage entire network Collect data Give commands –Moving gradually.

Network Management System The Concept –From a central computer, network administrator can manage entire network Collect data Give commands –Moving gradually.
Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.
CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.

CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System

Similar presentations

Ads by Google