HoneyNet Looks to Stick Hackers
Anyone know what kind of encryption is being discussed below? (ie, that hackers use to communicate with each other)
-TD
HoneyNet Looks to Stick Hackers
--------------------------------------------------------------------------------
Online vandals and stalkers beware. A group of security professionals called The HoneyNet Project has just made it easier for law enforcement to stealthily track the behavior of online evil-doers.
On Monday, the volunteer group, which consists of two dozen computer security, information intelligence, and psychology professionals, released the second version of its how-to-build-a-honeynet software, a tool used by law enforcement and others interested in security issues to track the behavior of hackers.
For those folks not down with security lingo, a honeynet expands on the concept of a honeypot, a software application that pretends to be a server on the Internet and lures unsuspecting hackers to it. A honeynet is a collection of these honeypots networked together. When hackers (or blackhats, as they're known in security circles) enter the honeynet, they are watched closely by a combination of surveillance technologies.
"You're really playing with fire in this type of environment," says Lance Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW) and founder of the four-year-old HoneyNet Project. The whole point is to observe the bad guys as they go about their work in a controlled setting without them knowing it.
The way it works is an intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers. Meanwhile, an administrator watches everything the intruder types, from commands to emails to chat sessions. A separate firewall is set up to cut the hacker off from the Internet anytime he tries to attack another system from the honeynet.
Proponents say the latest HoneyNet release includes the following improvements over previous versions:
The software is prepackaged for easy setup and comes for installation on a single server.
A new utility called Honey Inspector, which will be released soon, will allow honeypots within the honeynet to be managed and analyzed through a graphical user interface. Eventually, the HoneyNet Project expects to release a bootable CD-ROM that will make installing its version of a honeynet even easier.
Software includes improvements for breaking encryption codes that hackers often use to communicate with each other.
The designers claim to have made it harder for hackers to detect that they've been lured into a honeynet. In the previous version of software, all the surveillance was done at Layer 3. Hackers had to pass through a Layer 3 gateway when entering the honeynet, which often tipped them off to what was happening. But now HoneyNet uses a Layer 2 bridging gateway, making any surveillance invisible to the hacker.
The upgrade includes an enhanced firewall that blocks harmful attacks, while still allowing hackers to communicate with their associates outside the honeynet. "The longer we can keep them in the honeynet without them realizing what is going on, the more information we can gather," says Spitzner. "We want them talking to their buddies on the Internet, but we don't want them causing any more harm."
So are the Honeynet Project volunteers some sort of cyber police force? Not at all. The not-for-profit group's only purpose is to observe and learn about hacker behavior and share that information with the public. That's not to say that the information and tools gathered can't be used to catch bad guys. Government agencies like the United States Department of Homeland Security and the Federal Bureau of Investigation (FBI) already use HoneyNet Project information and techniques in their work.
The HoneyNet Project is not designed for commercial use, according to Spitzner. He says it wouldn't make much sense for an enterprise to spend the resources to build such a network. But network security might use the tools to learn more about hackers and recommend strategies to clients.
All software on the HoneyNet Project Website is free to download by anyone. For more information, go to The HoneyNet Project.
Marguerite Reardon, Senior Editor, Light Reading
On Thu, 17 Apr 2003, Tyler Durden wrote:
> Anyone know what kind of encryption is being discussed below? (ie, that hackers use to communicate with each other)
lance is talking about encrypted archives, pgp'd messages, ssh and silc. short version is that his honeypots install a kernelmod to log all the IO buffers after decryption or before encryption and then fire them out over the wire. there is another kernel mod to prevent the raw socket / bpf / lpf / tap / ??? from seeing frames with a certain mac address. i saw him at cansecwest last week - good talk as usual. the talk he gave should be posted to www.cansecwest.com shortly...
> -TD
> HoneyNet Looks to Stick Hackers
[snip]
-- GDB has a 'break' feature; why doesn't it have 'fix' too?
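The data flow described in the reply above, as an added user-space simulation (not code from the thread or from the HoneyNet Project): input arrives encrypted, a hook logs the buffer after decryption, and the log frames carry a reserved source MAC that the honeypot's own capture interfaces never show. The MAC addresses, the record layout, the use of EtherType 0x88B5 and the XOR keystream standing in for the session cipher are all assumptions made for the sketch.

```python
import hashlib
import struct

# Constructed values: MAC addresses, record layout and session key are illustrative.
LOG_MAC = bytes.fromhex("020000000053")        # source MAC reserved for log frames
HONEYPOT_MAC = bytes.fromhex("020000000010")
PEER_MAC = bytes.fromhex("020000000001")
COLLECTOR_MAC = bytes.fromhex("020000000099")
ETH_IPV4, ETH_LOG = 0x0800, 0x88B5             # 0x88B5: IEEE local experimental EtherType


def frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def parse(raw):
    return raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0], raw[14:]


def session_cipher(key, data):
    """Stand-in for the ssh/silc session cipher: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Honeypot:
    def __init__(self, session_key):
        self.key = session_key
        self.wire = []                          # every frame the honeypot sends or receives

    def receive(self, ciphertext, pid, fd):
        """Encrypted input arrives; the I/O hook logs the buffer after decryption."""
        self.wire.append(frame(HONEYPOT_MAC, PEER_MAC, ETH_IPV4, ciphertext))
        plaintext = session_cipher(self.key, ciphertext)
        record = struct.pack("!IHH", pid, fd, len(plaintext)) + plaintext
        self.wire.append(frame(COLLECTOR_MAC, LOG_MAC, ETH_LOG, record))
        return plaintext

    def local_capture(self):
        """View of a sniffer run on the honeypot: frames from LOG_MAC are hidden."""
        return [f for f in self.wire if parse(f)[1] != LOG_MAC]


def collect(wire):
    """Collector outside the honeypot: decode (pid, fd, data) from log frames."""
    records = []
    for raw in wire:
        _, src, ethertype, payload = parse(raw)
        if src == LOG_MAC and ethertype == ETH_LOG:
            pid, fd, length = struct.unpack("!IHH", payload[:8])
            records.append((pid, fd, payload[8:8 + length]))
    return records
```

Nothing in this flow attacks the cipher: the collector gets plaintext only because the buffer is copied at the endpoint, which matches the reply's reading of the article's "breaking encryption codes" line.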
On Thu, Apr 17, 2003 at 04:35:10PM -0400, Tyler Durden wrote:
> Anyone know what kind of encryption is being discussed below? (ie, that hackers use to communicate with each other)
> -TD
rot13? No, just kidding. I think they might be talking about capturing ssh sessions to and from the HoneyNet server. Not quite the way it was presented below... The HoneyNet crew is very clever and capable, but I don't think they're doing encryption research.
-- Greg
> HoneyNet Looks to Stick Hackers
On Thu, 17 Apr 2003, Tyler Durden wrote:
> HoneyNet Looks to Stick Hackers
> ---------------------------------------------------------
According to The Register, honeynets could be legally problematic.
http://www.theregister.co.uk/content/55/30320.html
Wondering how many more unusable laws the Wise Elected Officials will make. Wondering why you have to pass exams for getting a driving licence, but there are no exams for the ability to make laws...
participants (4): Chris Kuethe, Greg Newby, Thomas Shaddack, Tyler Durden