Different types of Virtual Honeynets.
Over the past several years Honeynets have demonstrated their value as a security mechanism, primarily to learn about the tools, tactics, and motives of the blackhat community. This information is critical for organizations to better understand and protect...
The Study of an Attack
This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies, step by step, a successful attack on a system. However, instead of focusing on the...
The Motives and Psychology of the Black-hat Community
This paper is a continuation of the Know Your Enemy series. This series is dedicated to learning the tools and tactics of the black-hat community. Unlike the previous papers which focused purely on the "what" and "how" of the black-hat community...
Identifying remote hosts, without them knowing
One of the challenges of network security is learning about the bad guys. To understand your threats and better protect against them, you have to Know Your Enemy. Passive Fingerprinting is a method to learn more about the enemy, without them knowing it...
Analyzing the past ... predicting the future
Over the past several years, the Honeynet Project has been collecting and archiving information on blackhat activity. We have attempted, to the best of our ability, to log and capture every probe, attack, and exploit made against our Honeynet. This raw...
What a Honeynet is, its value, how it works, and the risks/issues involved.
The Honeynet Project is an all-volunteer, non-profit research organization dedicated to learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned. The primary tool used to gather this...
Easier to deploy, harder to detect, safer to maintain.
The GenII (2nd generation) honeynet is the next step in the evolution of honeynet technology. Using new techniques developed by the members of the Honeynet Project and the security community, the GenII honeynet greatly increases the flexibility...
Tracking a blackhat's moves
This article is the second of a series of articles. In the first article, Know Your Enemy, we covered the tools and methodologies of the Script Kiddie. Specifically, how they probe for vulnerabilities and then attack. The third paper covers what script kiddies do once...
The Setup
During a one-month period (20 Sep - 20 Oct) we confirmed 524 unique NetBIOS scans on our Honeynet network. These scans consisted of UDP port 137 (NetBIOS Name Service) probes, usually followed by TCP port 139 (NetBIOS Session Service). That is a large number of scans probing for a...
The Tools and Methodologies of the Script Kiddie
My commander used to tell me that to secure yourself against the enemy, you have to first know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying...
Honeynets can be difficult to configure and resource-intensive to deploy, requiring a variety of technologies and systems. Many users or organizations that want to research Honeynets may not have the resources for such deployments. Therefore, this paper will focus on building a Honeynet using a single...
Virtual Honeynets are a solution that allows you to run a complete Honeynet with multiple operating systems on the same physical computer. First discussed in the paper Know Your Enemy: Virtual Honeynets, these solutions have the advantage of being easier to deploy and simpler to manage. The Honeynet...
Some Linux distributions may not come with shadow passwords enabled. Perhaps you are asking, what exactly is a 'shadow password'? Let's first look at how a system without shadow passwords enabled works, then take a look at how an enabled system deals with passwords.
What is iptables?
iptables now allows Linux to perform kernel/software-level stateful inspection of IP packets. This allows things like NAT and "connection tracking", and offers a few advantages over ipchains.
Some Differences Between IP-Tables and IP-Chains
In ipchains you used -j DENY...
Copyright © 2001-2002 by Oskar Andreasson
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1; with the Invariant Sections being "Introduction" and all sub-sections, with the Front-Cover Texts being "Original...