June 3rd, 2003 05:31 PM
I've read many threads the last few days about people being scanned. Here is a very interesting article about hacking activity over the net, thanks to the Honeynet Project's 4 years of experience.
That’s one of the amazing things. If you put the computer out there with no perceived value, it will probably get scanned 10 – 20 times a day. This is any system. I’m not talking about corporations. Even a home system on cable, DSL or ISDN – a dedicated connection – they are also getting scanned 10 – 20 times a day. The hackers are getting very active because it’s very simple to hack. You just download the tool and run the tool.
That’s one of the interesting things we’ve learned. Because of these honeynets, we see what these guys do afterwards so we can monitor their motives. There is a misconception that people think these attackers are misguided youths exploring the Internet. The reality is that the vast majority of these individuals have criminal intent. They are out to make money.
People scour the Internet for e-mail addresses to build databases of stolen e-mail to sell to spammers. Stolen PayPal accounts or stolen eBay accounts – there is a tremendous amount of criminal activity going on. It’s extremely hostile.
June 3rd, 2003 06:05 PM
I think running honeypots is a good idea for security, because the more honeynet servers there are out there, the harder it will be to know what is a honeynet server and what is a 'legitimate' target. (Do I need to state here that hacking other people's computers is illegal?)
The project.honeynet.org site is a nice site if you want to learn more about honeynets. They also have a monthly scan in which you can participate to see if you have any forensic skills. Some scans are rather hard, where others are aimed at the beginner/intermediate. They also cover a wide variety of attack methods, ranging from discovering port scans (and what scans were used), to studying Ethereal logs to discover that a box participates in a botnet, to the discovery of stegano-hidden files.
By looking at the old scans and the answers that came from them you will have quite a learning experience.
I really liked scan 24 and 26.
Nice post Networker.
June 4th, 2003 02:52 AM
I read a post from Lance (honeynet) talking about integrating honeynet as a subset to an IDS/IPS system...