Irish Honeynet Attracts Trojans

Discussion in 'other security issues & news' started by Paul Wilders, Aug 8, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    An Irish decoy computer network set up to study would-be cyber attackers was hit over 350 times in June, with many of the attacks being Trojan Horses.



    The Irish Honeynet, which was established in Ireland by Data Electronics (then Inflow), Deloitte & Touche and Espion in mid-March, recorded 364 attacks on its server during June. According to those behind the initiative, the period also saw a "massive" increase in the attempted use of Trojan Horse programs, particularly the SubSeven Trojan Horse program.


    Trojan Horse programs allow their users to illicitly control a computer remotely and the SubSeven Trojan Horse gives them the ability to see the screen as the computer's user sees it, log all keystrokes (including passwords), and it can be configured to inform an attacker when the infected computer has connected to the Internet. The attacker can then use the infected system to attack other systems.


    According to Colm Murphy, technical director of Espion, it is not clear why there has been such an upturn in the use of Trojan Horse programmes. "They are scanning for infected servers, which are easy targets because once infected they are easy to control," he said.


    The Irish Honeynet also detected during June the use of a number of highly sophisticated methods of attack such as IP spoofing, which involves an attacker pretending to have an IP address on a victim's LAN. They may pretend to be a crucial machine on the network, such as an e-mail or file server, which will receive useful and often confidential material.


    Since its establishment, the Irish Honeynet has been attacked a total of 922 times up until the end of June, with the majority of the attacks coming from Asia (33 percent), as well as the US and Canada (30 percent), and Europe (32 percent). Only between 5 percent and 10 percent of the attacks actually compromised the system.


    The purpose of the Honeynet is to collect data and information about the methods used by malicious cyber attackers (Blackhats) to break into the computer systems of organisations. It consists of a server connected to the Internet on a random and constantly changing IP address. Although the server itself contains very little information, it is designed to mimic the Internet infrastructures commonly used by organisations and is embedded with tracking and monitoring tools.


    "Up until now, most Irish security statistics have been based on studies from the US and to a lesser extent from the UK," explained Murphy. "The Irish Honeynet was set up to measure just how vulnerable Irish organisations actually are to attack and results to date have shown that it does not matter where a company is based, if it is vulnerable then this will be exploited by blackhats."


    There are several Honeynets around the world and most of them, including the Irish one, are associated with the non-profit US-based Honeynet Research Alliance.

    -----

    source: electricnews.net
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I had never heard about that, but sure seems like a very smart idea!
     
  3. Yes it is. ;)
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    There are various of those honeypots on the net for the purpose. Maybe... I remember I once surfed on such a thing of the us.gov, in whose entrance pages the purpose was explained... maybe those alarmers at FBI did not know? See yesterday's hilarious postings in the forum about it.
     
  5. http://project.honeynet.org/papers/

    Some of these FAQ will make a quick study of many of the issues I know hold your interest.
    http://project.honeynet.org/misc/faq.html
    This organization is one of the best.
    http://project.honeynet.org/

    And these are but a few sites of some of the members.
    http://hogwash.sourceforge.net/
    http://www.monkey.org/~dugsong/
    http://www.wiretrip.net/

    You can find many more at the site and info on all the members. They have nothing to hide.
     