Security Basics mailing list archives

Re: Research on Bots (Trends, advancements, future in security world, evolution....)


From: Srikanth Dabbiru <srikanthdab () gmail com>
Date: Wed, 4 Mar 2009 20:17:13 -0800 (PST)


Hi Meenal and/or Pedro,

I started off using High Interaction Honeypots initially, and used all kinds of
tools to study the data stream flowing into these Honeypots. I was more
involved in focusing on the "human" traffic, so worms and things of a similar
nature were off my filter, or rather I would say, I was not keen on looking at
and analyzing them. I was more interested in focusing on a *nix perspective.

But, then, as my research demanded more and more of a 'narrowed down
approach'...((you know your professor asks you to come back over and over
until you get a good, hardcore, 'what-new' kind of topic))...I moved to low
interaction honeypots with a focus on wireless media and OS
fingerprinting.... and yeah the other reason to move to low interaction is
to sit and monitor your high interaction honeypot 24x7 [coz there was one
moment when the pot got compromised and the adversary runs the command `rm
-rf /`  :-( ]

So like I said before, I am no expert, but, am sure this may lead you to
something...I would advise running a high interaction yourself to collect
and analyze in order to find more about 'improvisations' in Bots....or if
that sounds daunting, you could gather the already collected data samples
from organisations like www.honeynet.org
 
Pedro, do you run yours for business or pleasure?


Regards,
Srikanth.




Pedro Henrique Calais wrote:

Hello Srikanth,

Which kind of honeypots are yours?

I also work with honeypots; they are low-interaction honeypots emulating
open proxies and open relays.

Regards,

-- Pedro


Meenal Mukadam wrote:

Hello Srikanth,

Thank you. Basically I am trying to map the evolution of Botnets by
mapping the technological advancements to their evolution pattern. I
have had success with studying and understanding the Bots with respect
to the improvement in stealth, usage of encryption, their morphing
(need more information on this) & inclusion of AI.

I am trying to gain additional knowledge to understand how the
Bot-herders are tweaking them to make them more deadly and lethal.
Also what is the current scenario in Botnet technology and in Botnet
Business. What can be their future enhancements and their additional
usage.

I would really like if you can share your valuable insights (from your
experience, or from the analysis of the traces of Bots in your
Honeypot).

Thanking you in advance....


Thanks,

Meenal A. Mukadam



On Sat, Feb 28, 2009 at 2:26 PM, Srikanth Dabbiru <srikanthdab () gmail com>
wrote:
Hello Meenal,

What exactly are you looking to document in your research?

I am no expert in information security, but, I can tell you that the trend
is to track, study and analyze Bots via Honeypots. The whole point is to
defend against these automated attacks proactively (if you know what I mean).

I myself am doing research at my university on Honeypots. So I know the
value of having a Honeypot(s) within an organization.

Regards,
Srikanth.





-- 
Meenal A. Mukadam

-----------------------------------------------------------------
http://www.linkedin.com/in/meenalmukadam
-----------------------------------------------------------------
Far away there in the sunshine
are my highest aspirations.
I may/maynot reach them,
but I can look up and see their beauty,
believe in them and try to follow
where they lead
-------------------------------------------------------------


