Honeypots mailing list archives
RE: Introducing the Tactical Honeynet Deployment Project
From: "Dan Hawrylkiw" <dh () ahpra org>
Date: Mon, 1 Sep 2003 13:41:25 -0700
I'm glad to see any advancement in honeynets and agree that more deceptive boxes make it less likely that an advanced blackhat will 'bail'. However, I think there are three requirements for capturing advanced activity- Location, Location, and Location.

Advanced blackhats aren't interested in collecting rooted boxes. They are interested in information. What this means is that they will be looking for concentrations of valuable information. Where?- Probably high profile netblocks and/or production servers.

Advanced blackhats will probably only use a host found through random scanning as a jumping-off point. The reality is that they probably won't root a random box any differently than a script-kiddie. While it would be interesting to see how a jump point was used by an advanced black-hat, I wouldn't want to touch the potential legal issues of being a middle-man in a theft of over 100K credit card numbers.

I have seen *somewhat* more interesting activity (such as defacement attempts) on honeypots used to offload attacks from internet facing web or mail servers. These honeypots can be used to 'protect' production systems from real attacks, which is legally plausible. Merely monitoring the attacker's activity is legally unclear, and big players with more to lose are less likely to be interested in playing.

With that said- If the legal issues weren't there, I think the most interesting captures would come from honeynets that looked like backdoors into an organization's internal network.

/Dan Hawrylkiw
Phoenix Area Network Intrusion Research Alliance

Honeypot: noun; Online multiplayer role-playing game; where only one party knows who is playing.
-----Original Message-----
From: Michael Anuzis [mailto:michael_anuzis () hotmail com]
Sent: Saturday, August 30, 2003 11:32 AM
To: honeypots () securityfocus com
Subject: Introducing the Tactical Honeynet Deployment Project

Dear honeynet community,

This e-mail is to inform anyone interested of the establishment of the Tactical Honeynet Deployment Project ( http://www.thdp.org ).

Currently there are several honeynet and honeypot projects in existence and I think everyone would agree with me if I said: "it seems like the last thing the honeynet research community needs is another project doing the same old thing..." but at the same time I think we can each agree honeynet research has been struggling as of late. Something has been missing. Script-kids are the only ones getting "caught", or "biting the bait" so to speak.

The Tactical Honeynet Deployment Project, with a complete focus on the concepts of deception, psychology, and control, hopes to transform the honeypot from a tool hacked only by neophyte script-kids, to a more advanced system of deployment that will be capable of studying the more sophisticated class of blackhats.

As of now, our project is just being established and we have very few members. For this reason, if you have been in the study of honeynet research for a while and are ready to take your honeynet designs to the next level, we would be interested in sharing your insights in our project's pages.

If our project's website (available at http://www.thdp.org) sounds like something you would be interested in participating in, it would be a great opportunity for us to work together in making today's limited honeynet implementations into something more.

Regards,

Michael Anuzis, CCNA
Network Security Consultant
Mobile: 248.376.7030
CTO, Advanced DataTactics, Inc.
CTO, Advanced InfoTactics, Inc.
Project Coordinator: http://www.thdp.org