HoneyNet Looks to Stick Hackers

Greg Newby gbnewby at ils.unc.edu
Fri Apr 18 07:15:04 PDT 2003


On Thu, Apr 17, 2003 at 04:35:10PM -0400, Tyler Durden wrote:
> 
> Anyone know what kind of encryption is being discussed below? (ie, that 
> hackers use to communicate with each other)
> 
> -TD

rot13?  No, just kidding.

I think they might be talking about capturing ssh sessions
to and from the HoneyNet server.  Not quite the way it
was presented below...  The HoneyNet crew is very clever and
capable, but I don't think they're doing encryption research.
  -- Greg

> 
> 
> 
> HoneyNet Looks to Stick Hackers
> 
> --------------------------------------------------------------------------------
> 
> Online vandals and stalkers beware. A group of security professionals 
> called The HoneyNet Project, has just made it easier for law enforcement to 
> stealthily track the behavior of online evil-doers.
> 
> On Monday, the volunteer group, which consists of two dozen computer 
> security, information intelligence, and psychology professionals, released 
> the second version of its how-to-build-a-honeynet software, a tool used 
> by law enforcement and others interested in security issues to track the 
> behavior of hackers.
> 
> For those folks not down with security lingo, a honeynet expands on the 
> concept of a honeypot, a software application that pretends to be a 
> server on the Internet and lures unsuspecting hackers to it. A honeynet 
> is a collection of these honeypots networked together. When hackers (or 
> blackhats, as theyre known in security circles) enter the honeynet, they 
> are watched closely by a combination of surveillance technologies.
> 
> Youre really playing with fire in this type of environment, says Lance 
> Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW - 
> message board) and founder of the four-year old HoneyNet Project. The 
> whole point is to observe the bad guys as they go about their work in a 
> controlled setting without them knowing it.
> 
> The way it works is an intrusion-detection system triggers a virtual alarm 
> whenever an attacker breaches security on one of the networked computers. 
> Meanwhile, an administrator watches everything the intruder types, from 
> commands to emails to chat sessions. A separate firewall is set up to cut 
> the hacker off from the Internet anytime he tries to attack another system 
> from the honeynet.
> 
> Proponents say the latest HoneyNet release includes the following 
> improvements over previous versions:
> 
> 
> The software is prepackaged for easy setup and comes for installation on a 
> single server.
> 
> 
> A new utility called Honey Inspector, which will be released soon, will 
> allow honeypots within the honeynet to be managed and analyzed through a 
> graphical user interface. Eventually, the HoneyNet Project expects to 
> release a bootable CD-ROM that will make installing its version of a 
> honeynet even easier.
> 
> 
> Software includes improvements for breaking encryption codes that hackers 
> often use to communicate with each other.
> 
> 
> The designers claim to have made it harder for hackers to detect that 
> theyve been lured into a honeynet. In the previous version of software, 
> all the surveillance was done at Layer 3. Hackers had to pass through a 
> Layer 3 gateway when entering the honeynet, which often tipped them off to 
> what was happening. But now HoneyNet uses a Layer 2 bridging gateway, 
> making any surveillance invisible to the hacker.
> 
> 
> The upgrade includes an enhanced firewall that blocks harmful attacks, 
> while still allowing hackers to communicate with their associates outside 
> the honeynet. The longer we can keep them in the honeynet without them 
> realizing what is going on, the more information we can gather, says 
> Spitzner. We want them talking to their buddies on the Internet, but we 
> dont want them causing anymore harm.
> 
> So are the Honeynet Project volunteers some sort of cyber police force? Not 
> at all. The not-for-profit groups only purpose is to observe and learn 
> about hacker behavior and share that information with the public. Thats 
> not to say that the information and tools gathered cant be used to catch 
> bad guys. Government agencies like the United States Department of Homeland 
> Security and the Federal Bureau of Investigation (FBI) already use HoneyNet 
> Project information and techniques in their work.
> 
> The HoneyNet Project is not designed for commercial use, according to 
> Spitzner. He says it wouldnt make much sense for an enterprise to spend 
> the resources to build such a network. But network security might use the 
> tools to learn more about hackers and recommend strategies to clients.
> 
> All software on the HoneyNet Project Website is free to download by anyone. 
> For more information, go to The HoneyNet Project.
> 
>  Marguerite Reardon, Senior Editor, Light Reading
> 
> 
> 
> 
> 
> 
> _________________________________________________________________
> Tired of spam? Get advanced junk mail protection with MSN 8. 
> http://join.msn.com/?page=features/junkmail





More information about the cypherpunks-legacy mailing list