Damage by Botnets

Monday, April 30. 2007
A few days ago, Ed Felten posted a summary of a recent Botnet Briefing in Washington. The interesting point is the question of whether the $5000 damage threshold of the Computer Fraud and Abuse Act is too high for such cases, and whether it would make more sense to use some designated number of affected computers instead. Presumably this comes back to the question of how to estimate the damage of a single incident. Do you take into account the time to clean up the bot-infected machines (re-installing the system, customizing everything, restoring from backup, ...) and also the costs to possible victims of DDoS, identity theft, or other kinds of attack?

Web-based Honeypot Decoys

Monday, April 30. 2007
Michael Müter just finished his diploma thesis entitled "Web-based Honeypot Decoys".

Abstract
Honeypots are a well-known technique for gaining more information about the proceeding of attackers in communication networks. With the constant growth of the Internet, web applications have become more and more attractive and worthwhile targets for attackers. The web-based honeypots that exist so far exclusively focus on a low-interaction approach, which only allows monitoring and observing a very limited amount of information about an attack.
In this work we extend the concept of honeypots and develop a generic high-interaction web-based honeypot toolkit. The toolkit allows transforming an arbitrary web application into a high-interaction web-based honeypot, which can capture and record every single step an attacker performs on a system. In order to monitor and analyse the large amounts of data a high-interaction system accumulates, we furthermore develop a tool which supports the process of gaining the important information from the collected data. We demonstrate the success of our approach by presenting different results and examples we obtained with our implementation during the last months.

