Project Objectives
- Gain extensive knowledge of best practices in network security techniques
- Experience real time monitoring of network-centric attacks, particularly bots and botnets
- Gain valuable insight on attack patterns and intruders’ intent
- Develop tools and countermeasures to cope with network-centric attacks proactively
Another important objective of our honeynet project is to promote interdisciplinary research by exploring sociological and criminological dimensions of hackers. Towards these ends we are interested in data that could lead to:
- A useful hacker typology based on attack strategies and sophistication
- The number of attackers associated with various attack strategies
- Any social relationships between attackers that can be observed in the honeynet
- Honeynet related chatter in on-line forums
- Attack frequency, methodology, and sophistication
Lessons Learned
- Vmware is a great way to learn how to deploy a honeynet
- Easy to take an image off-line for analysis and quickly replace it
- Inexpensive, one machine can deploy the entire network
- Safe, shutting down a vm image is easier than ordinary operating systems if a problem arises
- Worm traffic is still prevelent
- Most of our traffic is from MySql worm propagation attempts
- Walleye is a great analysis tool
- Walleye allows you to go directly to an area of interst for packet analysis
