Security

Defining Virtual Honeynets

Different types of Virtual Honeynets. Over the past several years Honeynets have demonstrated their value as a security mechanism, primarily to learn about the tools, tactics, and motives of the blackhat community. This information is critical for organizations to better understand and protect...

A Forensic Analysis

The Study of an Attack This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies step by step a successful attack on a system. However, instead of focusing on the...

Motives

The Motives and Psychology of the Black-hat Community This paper is a continuation of the Know Your Enemy series. This series is dedicated to learning the tools and tactics of the black-hat community. Unlike the previous papers which focused purely on the "what" and "how" of the black-hat community...

Passive Fingerprinting

Identifying remote hosts, without them knowing One of the challenges of network security is learning about the bad guys. To understand your threats and better protect against them, you have to Know Your Enemy. Passive Fingerprinting is a method to learn more about the enemy, without them knowing it...

Statistics

Analyzing the past ... predicting the future Over the past several years, the Honeynet Project has been collecting and archiving information on blackhat activity. We have attempted, to the best of our ability, to log and capture every probe, attack, and exploit made against our Honeynet. This raw...

Honeynets

What a Honeynet is, its value, how it works, and the risks/issues involved. The Honeynet Project is an all-volunteer, non-profit research organization dedicated to learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned. The primary tool used to gather this...

GenII Honeynets

Easier to deploy, harder to detect, safer to maintain. The GenII (2nd generation) honeynet is the next step in the evolution of honeynet technology. Using new techniques developed by the members of the Honeynet Project and the security community, the GenII honeynet greatly increases the flexibility...

Know Your Enemy II

Tracking a blackhat's moves This article is the second of a series of articles. In the first article, Know Your Enemy, we covered the tools and methodologies of the Script Kiddie. Specifically, how they probe for vulnerabilities and then attack. The third paper covers what script kiddies do once...

Know Your Enemy: Worms at War

The Setup During a one-month period (20 Sep - 20 Oct) we confirmed 524 unique NetBIOS scans on our Honeynet network. These scans consisted of UDP port 137 (NetBIOS Name Service) probes, usually followed by TCP port 139 (NetBIOS Session Service). That is a large number of scans probing for a...

Know Your Enemy

The Tools and Methodologies of the Script Kiddie My commander used to tell me that to secure yourself against the enemy, you have to first know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying...

Building Virtual Honeynets using UML

Honeynets can be difficult to configure and resource-intensive to deploy, requiring a variety of technologies and systems. Many users or organizations that want to research Honeynets may not have the resources for such deployments. Therefore, this paper will focus on building a Honeynet using a single...

Building Virtual Honeynets using VMware

Virtual Honeynets are a solution that allows you to run a complete Honeynet with multiple operating systems on the same physical computer. First discussed in the paper Know Your Enemy: Virtual Honeynets, these solutions have the advantage of being easier to deploy and simpler to manage. The Honeynet...

Shadow Passwords

Some Linux distributions may not come with shadow passwords enabled. Perhaps you are asking, what exactly is a 'shadow password'? Let's first look at how a system without shadow passwords enabled works, then take a look at how an enabled system deals with passwords. Some Linux distributions may not...

IPTABLES - A Quick Reference

What is iptables? IPTABLES now allows Linux to perform kernel/software-level stateful inspection of IP packets. This allows things like NATing and "connection tracking"--and offers a few advantages over ipchains. Some Differences Between iptables and ipchains In ipchains you used -j DENY...

Iptables Tutorial

Copyright © 2001-2002 by Oskar Andreasson Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1; with the Invariant Sections being "Introduction" and all sub-sections, with the Front-Cover Texts being "Original...