Presentation is loading. Please wait.

Presentation is loading. Please wait.

What if you hit back? Counter-intelligence and Counter-attack

Published byAxel Kappel Modified over 6 years ago

Similar presentations

Presentation on theme: "What if you hit back? Counter-intelligence and Counter-attack"— Presentation transcript:

1 What if you hit back? Counter-intelligence and Counter-attack
Honeynet Project - What if you hit back? Counter-intelligence and Counter-attack Dave Dittrich University of Washington cac.washington.edu> 11/14/2018

2 Honeynet Project - project@honeynet.org
Overview Honeynet Project - Levels of Active Defense Use of “Intelligence” Case Studies Included as Examples Conclusion Discussion 11/14/2018

3 Levels of active defense
Honeynet Project - Intelligence gathering locally Intelligence gathering remotely Actively tracing the attacker Actively retaliating against the attacker 11/14/2018

4 Honeynet Project - project@honeynet.org
Intelligence (local) Honeynet Project - Host, IDS & Firewall Logs Malware artifacts & Sniffer Logs Network Traffic Case study: “BlennY” (1999) 11/14/2018

5 Intelligence (remote)
Honeynet Project - External services Internal commands Malware artifacts Case study: Trin00 (1999) 11/14/2018

6 Honeynet Project - project@honeynet.org
Active traceback Honeynet Project - Requires intelligence (local, remote) Requires active cooperation of remote site Requires careful correlation of logs Case study: mountd attacks (1998) 11/14/2018

7 Honeynet Project - project@honeynet.org
Active retaliation Honeynet Project - Requires multiple levels of local/remote intelligence More remote, less trustworthy/accessible Attribution? Liability Case study: (not here!) 11/14/2018

8 Conclusion Locally, you have control Remotely, you don’t
Attribution is hard Think very carefully 11/14/2018

9 Honeynet Project - project@honeynet.org
Questions? Website: 11/14/2018

Download ppt "What if you hit back? Counter-intelligence and Counter-attack"

Similar presentations

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.

Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.
Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.

Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Information Security Overview BA483 – May 15 th, 2006 Presented By Kris Rosenberg, CISSP, MCSE, CCNA CTO Oregon State University College of Business.

Information Security Overview BA483 – May 15 th, 2006 Presented By Kris Rosenberg, CISSP, MCSE, CCNA CTO Oregon State University College of Business.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Explore the use of multiple gateways for intrusion detection defense Sunil Bhave & Sonali Patankar CS526 Fall 2002.

Explore the use of multiple gateways for intrusion detection defense Sunil Bhave & Sonali Patankar CS526 Fall 2002.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.

Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Honey Inspector Mike Clark Honeynet Project. Honeynet Inspector  Background.

Honey Inspector Mike Clark Honeynet Project. Honeynet Inspector  Background.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Security Warnings TROPE: Teachers’ Resources for Online Privacy Education www.teachingprivacy.org 1.

Security Warnings TROPE: Teachers’ Resources for Online Privacy Education 1.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Sravanthi Vattikuti Sri Harsha Devabhaktuni

Sravanthi Vattikuti Sri Harsha Devabhaktuni
IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.

IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

Similar presentations

Ads by Google