SSH honeypot
9/14/2023

In addition to the design, implementation and deployment of these new types of honey-pots, and analysis of the collected threat intelligence, this thesis also includes our additional work on a new HoneyClient – a client honey-pot and a way to break the Android sandboxing environment. Analyzing the behavior of attackers will be used for further innovation of mechanisms in SSH honeypot and for the National CSIRT of the Czech Republic - CSIRT. Coincidentally, the recent outbreak of the ransomware “WannaCry” was an exploitation of the Microsoft SMB version 1 implementation bug. The unique contribution of this thesis includes: implementation of HoneySMB (honeypot for the SMB protocol), HoneyWEB with an SQL-injection vulnerability and HoneyDB (honeypot for the MySQL database). This thesis work gives a new dimension to honey-pot methodologies, with new techniques to implement different types of honeypots that do not exist yet in the literature or in the product space. It can also be used to analyze the behavioral signature of the attackers trying to compromise a system and to provide useful insights into potential system loop-holes. If designed and deployed correctly, a honey-pot can function as an advance surveillance tool as well as a threat intelligence collection mechanism. This research aims to contribute to endeavours in the wider security research community to build methods, grounded on strong empirical work, for assessment of the robustness of computer-based systems in hostile environments. A honey-pot is a deception toolkit, designed to hook an attacker attempting to compromise the production systems of any institute or organization. Even though results from honeynet deployments are reported often in the literature, this paper provides novel results analyzing traffic from three different types of networks and some initial exploratory models.
We analyze in detail the times between attacks on different hosts, operating systems, networks or geographical location. We detail the architecture of the deployment and results of comparing the observations from the three environments. All three networks contain a mixture of Windows and Linux hosts. They divert the attack to the fake system rather than the original system and even it. In this paper we present empirical results and speculative analysis based on observations collected over a two-month period from studies with two high-interaction honeynets, deployed in a corporate and an SME (small to medium enterprise) environment, and a distributed honeypot deployment. A honeypot is an intentionally created fake system that is designed as a trap for potential attackers.