digg

Facebook Connect Join Digg About

New Honeypot Mimics the Web Vulnerabilities Hackers Exploit

darkreading.com A new open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're looking for. This next-generation Web server honeypot project poses as Web servers with thousands of vulnerabilities in order to gather firsthand data from real attacks targeting websites.

Who dugg this? Made popular 28 days ago

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

24 Comments

show profanity settings
expand all
  • alanocu, on 11/01/2009, -1/+26Honeypot FTW! How can you go wrong with a name like that + open source.....perfect.
  • coopa, on 11/01/2009, -0/+12Isn't this the definition of a honeypot server?

    From wikipedia
    "In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers."
  • Mike9824, on 11/02/2009, -1/+7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ______________
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . / It’s a honeypot! \
    . . . . . . . . . . . . . . . . _,,,--~~~~~~~~--,_ . . . .\ .______________/
    . . . . . . . . . . . . . . ,-‘ : : : :::: :::: :: : : : : :º ‘-, . . \/. . . . . . . . . .
    . . . . . . . . . . . . .,-‘ :: : : :::: :::: :::: :::: : : :o : ‘-, . . . . . . . . . .
    . . . . . . . . . . . ,-‘ :: ::: :: : : :: :::: :::: :: : : : : :O ‘-, . . . . . . . . .
    . . . . . . . . . .,-‘ : :: :: :: :: :: : : : : : , : : :º :::: :::: ::’; . . . . . . . .
    . . . . . . . . .,-‘ / / : :: :: :: :: : : :::: :::-, ;; ;; ;; ;; ;; ;; ;\ . . . . . . . .
    . . . . . . . . /,-‘,’ :: : : : : : : : : :: :: :: : ‘-, ;; ;; ;; ;; ;; ;;| . . . . . . .
    . . . . . . . /,’,-‘ :: :: :: :: :: :: :: : ::_,-~~,_’-, ;; ;; ;; ;; | . . . . . . .
    . . . . . _/ :,’ :/ :: :: :: : : :: :: _,-‘/ : ,-‘;’-‘’’’’~-, ;; ;; ;;,’ . . . . . . . .
    . . . ,-‘ / : : : : : : ,-‘’’ : : :,--‘’ :|| /,-‘-‘--‘’’__,’’’ \ ;; ;,-‘ . . . . . . . .
    . . . \ :/,, : : : _,-‘ --,,_ : : \ :\ ||/ /,-‘-‘x### ::\ \ ;;/ . . . . . . . . . .
    . . . . \/ /---‘’’’ : \ #\ : :\ : : \ :\ \| | : (O##º : :/ /-‘’ . . . . . . . . . . .
    . . . . /,’____ : :\ ‘-#\ : \, : :\ :\ \ \ : ‘-,___,-‘,-`-,, . . . . . . . . . . .
    . . . . ‘ ) : : : :’’’’--,,--,,,,,,¯ \ \ :: ::--,,_’’-,,’’’¯ :’- :’-, . . . . . . . . .
    . . . . .) : : : : : : ,, : ‘’’’~~~~’ \ :: :: :: :’’’’’¯ :: ,-‘ :,/\ . . . . . . . . .
    . . . . .\,/ /|\\| | :/ / : : : : : : : ,’-, :: :: :: :: ::,--‘’ :,-‘ \ \ . . . . . . . .
    . . . . .\\’|\\ \|/ ‘/ / :: :_--,, : , | )’; :: :: :: :,-‘’ : ,-‘ : : :\ \, . . . . . . .
    . . . ./¯ :| \ |\ : |/\ :: ::----, :\/ :|/ :: :: ,-‘’ : :,-‘ : : : : : : ‘’-,,_ . . . .
    . . ..| : : :/ ‘’-(, :: :: :: ‘’’’’~,,,,,’’ :: ,-‘’ : :,-‘ : : : : : : : : :,-‘’’\\ . . . .
    . ,-‘ : : : | : : ‘’) : : :¯’’’’~-,: : ,--‘’’ : :,-‘’ : : : : : : : : : ,-‘ :¯’’’’’-,_ .
    ./ : : : : :’-, :: | :: :: :: _,,-‘’’’¯ : ,--‘’ : : : : : : : : : : : / : : : : : : :’’-,
    / : : : : : -, :¯’’’’’’’’’’’¯ : : _,,-~’’ : : : : : : : : : : : : : :| : : : : : : : : :
    : : : : : : :¯’’~~~~~~’’’ : : : : : : : : : : : : : : : : : : | : : : : : : : : :
  • ITSpecific, on 11/01/2009, -0/+4New?
  • scuba7183, on 11/01/2009, -0/+4Not really. This is about collecting information about hackers and the techniques they use
  • samurimaster, on 11/02/2009, -0/+3Honeypots are not new
  • salinemist, on 11/02/2009, -0/+2While fun, a honeypot does absolutely nothing to increase the security of your network. If anything it only attracts attention to your network.
  • BlakeEM, on 11/02/2009, -0/+2This is a program that would trap the people trying to use netbus, back orifice, or sub7 client. It wasn't a trojan client or a trojan but a trap to trick people using a client into thinking they are connected to an infected PC.
  • JohnnySoftware, on 11/01/2009, -0/+2I'm not sure this is the most original idea ever. The whole point of a honey pot is so you can learn from, toy with delay, frustrate, tie up, confuse, distract, etc. the attackers. A lot of what they can do betrays things about them and their resources.

    Attackers are sometimes more vulnerable than what they are attacking, depending on the circumstances.

    They could break into someplace to steal information and instead get little and give away a lot.

    Who is going to use a honey pot in a purely defensive manner or simply to detect something? The whole point is to learn as much as you can about the attackers, their software, and anything else you can. They break into your house, you make the rules. If you write software, it executes your rules.
  • BlakeEM, on 11/01/2009, -0/+1In the late 90's I would used some fake trojan programs that emulate popular trojans on the most common ports. I totally forgot the names of them. People doing port scans on the IP range will think I'm infected and find open access unknowing to them everything is fake and they are actually downloading infected files.

    This seems to fit the definition of a honeypot.
  • shadowq8, on 11/02/2009, -0/+1That name is dirty.
  • coopa, on 11/02/2009, -0/+1Ah, thank you. It has been almost 10 years since i last used it, and i didn't have time to read through wikipedia last night!
  • KibibyteBrain, on 11/02/2009, -0/+1They are not tampering with the botnet in this case, they are purposely letting the botnet tamper with them, except in a way the botnet was not expecting. It's still the bots that are initiating all the intelligence, so the honeypot is perfectly OK to do.
  • coopa, on 11/01/2009, -0/+1I remember a similar program that showed as a trojan on your machine but if someone connected you had access to them - or something like that, it has been a long time.

    Actually, this is the program
    http://en.wikipedia.org/wiki/NetBus
    I may be getting the actions wrong though
  • samurimaster, on 11/02/2009, -0/+1I think this particular honeypot is supposed to be even better at looking vulnerable.
  • nyxerebos, on 11/02/2009, -0/+1That really depends on what your goals are. If you just want a secure network, then sure. If you need to do research on the attacks your software faces, and learn of new vulnerabilities as they are entering use then honeypots are a valuable source of information.
  • OmegaWolf, on 11/02/2009, -0/+1Sounds like virtual fly paper.
  • KibibyteBrain, on 11/02/2009, -0/+1If it turned out the ventilation shaft was not a ventilation shaft at all but rather a hole placed to match up for a falsely-specified shaft on the Death Star plans, then it would have been a honeypot.
  • JohnnySoftware, on 11/02/2009, -0/+1What is very nice about this is that he took the trouble to do it and not only that but he also made it open source. Aside from the obvious, usual benefits of that it means that people can create their own variations and the cyber crooks will never know what they are getting into or what will happen when they do.

    They can program contingencies and plan ahead a ply or two but so can the the customized honey pots.

    The only thing is, things will escalate back and forth. Because there are so many botnets created from addled, buggy operating systems, criminal gangs will just use brute force to deal with things that have annoyed them. That is one of their "services" in fact.

    So basically, time to call out which operating system most computers in botnots are running and shame the manufacture into not only fixing the defect(s), but to admit exactly what crimes are being committed with it. For one off incidents maybe not but when this crap is going on 24x7 for years then it is not a one-off event.

    Right now, most public incident reporting is lobotomized. Efforts to fight hackers are suffering because that. End users cannot do enough because they don't know enough. Hey, if there were rapes or murders going on in your neighborhood, the police would tell you so you would not go out at night, take precautions to do everything identically to the victims if it is a serial criminal, change your routines as needed.

    But the public keeps doing the same thing with the same software because they are told to or that changes will not matter. C'mon, that's b.s.

    At least this guy is doing a good job of doing his part. Hope everyone else does theirs.
  • OJSimpson, on 11/02/2009, -1/+1I used to do.... computer stuff like this..... 10 years ago they've had honeypots doing exactly this.

    What I was doing was scanning entire subnets for a few various known issues with which to then log into the NT domain (this was 10 years ago, really haven't done anything such since, honest). Anyways, I ran into one server that was 'open' to like every attack, including various ones that were only available on specific operating systems therefore impossible to all be on the same box. It would was so obvious what it was that it was funny, it reported itself to be vulnerable to pretty much any vulnerability check you'd put against it (but then it wouldn't work, so far as taking over the computer and buffer overflows and whatnot).

    I don't know exactly what information they want to gain with this stuff, i'm sure this is nothing new (and doesn't seem to be after looking over the article). You might get useful info about viruses if this were distributed maybe, other than that I don't understand the point to any of it.

    just my semi-pro opinion, now off my lawn =P
  • rxbudian, on 11/01/2009, -5/+1Wouldn't that mean that we just provided the hacker wannabees a place to practice and learn to be pros?
  • d1ckinabox, on 11/01/2009, -6/+1Trolling the trolls?
    Honestly though, what's to stop them from finding an identifying feature and purposely changing their method of attack?
  • Mikey129, on 11/01/2009, -6/+1More buzzwords FTW!
  • NeoTechni, on 11/01/2009, -12/+1I'm surprised they've got the balls to try this. Normally they are like, "it's illegal for us to tamper with botnets even if we're helping people" blah blah blah

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.