Difference between revisions of "OpenChaos/Honeynets"
(Docs for the OpenChaos) |
Mario Manno (talk | contribs) |
||
(One intermediate revision by one other user not shown) | |||
Line 31: | Line 31: | ||
* Detect, circumvent and disable Sebek | * Detect, circumvent and disable Sebek | ||
* [http://www-i4.informatik.rwth-aachen.de/lufg/publications/files/2004-NoSEBrEaK.pdf NoSEBrEaK - Attacking Honeynets] | * [http://www-i4.informatik.rwth-aachen.de/lufg/publications/files/2004-NoSEBrEaK.pdf NoSEBrEaK - Attacking Honeynets] | ||
+ | |||
+ | |||
+ | [[Category:OpenChaos]][[Category:Code]] |
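Review bot: the added line `[[Category:OpenChaos]][[Category:Code]]` files the page under Category:Code, but the revision shown is a set of talk notes and links on honeynets, Sebek, Honeywall, honeyd and NoSEBrEaK and contains no code. Consider dropping that category or replacing it with one that matches the content. The two empty lines added ahead of the category line could also be reduced to one.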
Latest revision as of 10:42, 20 October 2005
Slides from the OpenChaos are at File:Openchaos-honey.pdf
Honeynets
- "Track the tool, tactics and motives of the blackhat community"
- Studying attack patterns and attacker behaviour
- Clifford Stoll: The Cuckoo's Egg
- Bill Cheswick, "An Evening with Berferd In which a Cracker is Lured, Endured, and Studied"
- The Honeynet Project
- The German Honeynet Project
- Ermittlung von Verwundbarkeiten mit elektronischen Ködern (Determining vulnerabilities with electronic bait)
Sebek
- Know Your Enemy: Sebek
- Hijacks sys_read(), sends everything directly to the driver, hides the module
Honeywall
- Data capture (tcpdump)
- Data control (blocking outgoing malicious traffic, preventing DoS)
honeyd
- "Low-interaction honeypot"
- Virtual TCP/IP-stack
- Collecting attack patterns
NoSEBrEaK
- Detect, circumvent and disable Sebek
- NoSEBrEaK - Attacking Honeynets