Honeypot Compromise

Since the end of September, the honeynet at RWTH Aachen University has been online again. And after about 24 hours, the first incident happened again: with the help of SSH brute forcing, an attacker was able to gain access to one of the honeypots running Linux. Later next week I should be able to blog more about the details of this attack...

Presumably also interesting for some of you: as part of his diploma thesis, Claus Overbeck is currently implementing a solution to automatically track botnets. The thesis is entitled "Efficient Observation of Botnets" and the resulting tool should be able to observe what is happening within botnets. Together with nepenthes and CWSandbox, we are then able to automatically collect and analyze autonomously spreading malware, and track the corresponding botnet. If you want to have more information about the project, please contact me or wait for further blog entries in the following weeks.
