By
Itzik Jislin
Yiftach Benjamini
Supervisor: Ben Bershtein
Introduction
What is a Honeypot?
Honeypot Overview
A Honeypot has no functional
value
A Honeypot does not do anything
active. Its value lies in the
knowledge that any access to the
Honeypot is probably malicious
In a perfectly safe network a
Honeypot should see no traffic at
all
Minimal resources
Since Honeypots are not intended to
actually serve a large number of clients,
they need very few resources
Simple
Honeypots are simple to install and
maintain
Risk
Depending on the type of the
Honeypot the risk can be greater or
lesser. But there is always a risk to
the network when a multitude of
servers are active in it.
Prevention
Sticky Honeypots slow down
attackers' scanning by
responding slowly
If the usage of Honeypots is publicly
known it might deter hackers from
attacking the network for fear of
being caught
Overview - Threats
Viruses
Pieces of software that attach to
innocent files. Consume the computer's
resources and may be even more
malicious (deleting files, ruining
hardware, etc.). Rely on social
engineering for spreading
Worms
Self-propagating code. Searches for
communication vulnerabilities and
uses them to infect more computers
at an exponential rate.
Overview - Threats
Humans
White Hats: Good hackers searching
for vulnerabilities in order to report
them and increase security awareness
Black Hats: Hackers with personal gain
or mayhem in mind. Break into systems
in order to steal or corrupt data.
Script Kiddies: Tool users. No real
understanding of what they are doing.
Techniques usually include scanning for
a system and then hammering it with
various tools in order to find a
vulnerability.
Our Solution
The path to implementation
Example:
Send the string:
/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:
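The string above hides its directory traversal behind two layers of percent-encoding (`%%35%63` decodes to `%5c`, which decodes to `\`), so a honeypot that logs only the raw request will not show what was actually asked for. The following is an added example, not code from the project: it decodes a request path until it stops changing and records after how many passes the traversal becomes visible. The names `percentDecodeOnce`, `hasTraversal`, `ProbeVerdict` and `classifyRequestPath` are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Decode one layer of %XX escapes; malformed escapes are copied unchanged.
std::string percentDecodeOnce(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) &&
            std::isxdigit((unsigned char)in[i + 2])) {
            out += (char)std::stoi(in.substr(i + 1, 2), nullptr, 16);
            i += 2;
        } else {
            out += in[i];
        }
    }
    return out;
}

bool hasTraversal(const std::string& s) {
    return s.find("../") != std::string::npos || s.find("..\\") != std::string::npos;
}

struct ProbeVerdict {
    int passes;          // decoding passes that changed the path
    int traversalDepth;  // passes needed before "../" or "..\" appears, -1 if never
    std::string decoded; // fully decoded path, suitable for the honeypot log
};

// Hypothetical helper: decode until stable (bounded) and note where traversal surfaces.
ProbeVerdict classifyRequestPath(const std::string& raw, int maxPasses = 5) {
    ProbeVerdict v{0, hasTraversal(raw) ? 0 : -1, raw};
    while (v.passes < maxPasses) {
        std::string next = percentDecodeOnce(v.decoded);
        if (next == v.decoded) break;  // nothing left to decode
        v.decoded = next;
        ++v.passes;
        if (v.traversalDepth < 0 && hasTraversal(next)) v.traversalDepth = v.passes;
    }
    return v;
}

int main() {
    // The probe string quoted on the slide above.
    ProbeVerdict v = classifyRequestPath(
        "/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:");
    std::cout << "passes=" << v.passes << " traversalDepth=" << v.traversalDepth
              << " decoded=" << v.decoded << "\n";
    return 0;
}
```

A `traversalDepth` of 2 or more means the traversal was invisible both in the raw request and after a single decode, which is worth recording as its own category in the collected data.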
Vulnerabilities check
N-Stealth Security Scanner
Phase III
Implement
Based On
Visual C++ .net
Visual Basic .net (GUI)
Winsock2
ODBC
Honeypot Architecture
Deployment:
Attacker
Network Scan
Honeypot Architecture
The program is divided into two
main applications.
GUI: Allows an easy way of starting
and stopping the servers, searching
through collected data and displaying
statistics
Honeypot_Core: Creates and
maintains the servers. Collects the
data from the users and updates the
databases
Honeypot Architecture
Block Diagram
Honeypot Architecture
Communication between GUI and
core is done over Winsock
Why Winsock?
Answer:
There were many available options:
RPC, signaling, shared memory, and many
more
Honeypot Architecture
myServer
Honeypot Architecture
TELNETServer
The purpose is to observe the
Honeypot Architecture
TELNETServer
Demonstration
Summary
Honeypots are a cheap and simple
way to add protection to a
network
Honeypots allow the study of
attackers' methods of operation
and help develop new ways of
countering them.
Thanks!
We wish to thank: