Educause Security Discussion mailing list archives

Honeypots - a Tool for Detecting Network Intrusion


From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 15 Apr 2003 09:04:46 -0600


-----Original Message-----
From: CAnet-NEWS () canarie ca [mailto:CAnet-NEWS () canarie ca] 
Sent: Tuesday, April 15, 2003 9:27 AM
Subject: [news] Honeypots - a tool for detecting network intrusion

For more information on this item please visit the CANARIE CA*net 4
Optical Internet program web site at
http://www.canarie.ca/canet4/library/list.html
-------------------------------------------

[Thanks to Rene Hatem for this pointer. Some excerpts - BSA]

http://news.com.com/2100-1009-996574.html
Honeypots get stickier for hackers


VANCOUVER, British Columbia--Spitzner and two dozen members of the
Honeynet Project hope new changes to the group's open-source honeypot
technology will help the method become much more popular among security
companies and others. The technology is designed to help users forge
their own honeypots--faked computers and networks that serve as decoys
for discovering online miscreants.

New features will help honeypots become harder for intruders to detect
and easier to deploy for companies and even home users.

Honeypots solve a major problem of intrusion-detection systems, which
frequently flag innocuous network traffic as a potential attack. These
"false positives," as they're called, make the systems difficult to
manage. They also create a "crying wolf" situation, in which genuine
threats can be overlooked.

Honeypots can solve the problem because they only detect data sent to a
specific server--one that, because it's fake, shouldn't have any data
sent to it at all.

Because attackers generally encrypt their communications with a
compromised server after successfully breaking in, the group has
modified the operating system used with its system--currently Linux--to
enable it to parrot the commands back to the administrator. Essentially
a wiretap, the function lets administrators see any commands that are
being seen by the operating system.

The honeypot setup also includes software to spoof responses back to
commonly used mapping software, so that the decoy system can pretend to
be anything from a single system to a large network.


-------------------------------------
To subscribe or unsubscribe to the CANARIE-NEWS list please send e-mail
to:

majordomo () canarie ca

In the body of the e-mail:

subscribe news
end

-------------------------------------

These news items and comments are mine alone and do not necessarily
reflect those of the CANARIE board or management.


---------
Bill.St.Arnaud () canarie ca
starnau () attglobal net
www.canarie.ca/~bstarn



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
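
The detection principle in the excerpt above (a decoy should receive no traffic at all, so any contact with it is worth an alert) is sketched below. This is an added example, not part of the original message or the Honeynet Project's software; the decoy range, the log format and the sample records are constructed assumptions.

```python
import ipaddress

# Assumption: a range reserved for decoys; no production service lives here.
DECOY_NETS = [ipaddress.ip_network("10.9.0.0/28")]

# Constructed flow records: "timestamp source destination dest_port"
SAMPLE_FLOWS = """\
2003-04-15T09:00:01 192.0.2.10 10.1.0.5 80
2003-04-15T09:00:02 198.51.100.7 10.9.0.3 22
2003-04-15T09:00:03 198.51.100.7 10.9.0.4 22
2003-04-15T09:00:04 192.0.2.44 10.1.0.5 443
2003-04-15T09:00:09 198.51.100.7 10.9.0.3 80
2003-04-15T09:00:11 203.0.113.9 10.9.0.1 445
malformed line
"""

def is_decoy(addr):
    """True if addr falls inside a decoy range (ValueError on a bad address)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DECOY_NETS)

def decoy_contacts(text):
    """Summarise, per source, every flow whose destination is a decoy."""
    report = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, dport = parts
        try:
            # The rule keys on the destination only; no payload is inspected.
            if not is_decoy(dst):
                continue  # production traffic is outside the decoy's scope
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        entry = report.setdefault(
            src, {"first_seen": ts, "hosts": set(), "ports": set(), "count": 0})
        entry["hosts"].add(dst)
        entry["ports"].add(port)
        entry["count"] += 1
    return report

if __name__ == "__main__":
    for src, e in sorted(decoy_contacts(SAMPLE_FLOWS).items()):
        print(f"ALERT {src} first_seen={e['first_seen']} flows={e['count']} "
              f"decoys={sorted(e['hosts'])} ports={sorted(e['ports'])}")
```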
