Difference between revisions of "OpenChaos/Honeynets"
(Doku zum OpenChaos) |
(added category) |
||
Line 31: | Line 31: | ||
* Detect, circumvent and disable Sebek | * Detect, circumvent and disable Sebek | ||
* [http://www-i4.informatik.rwth-aachen.de/lufg/publications/files/2004-NoSEBrEaK.pdf NoSEBrEaK - Attacking Honeynets] | * [http://www-i4.informatik.rwth-aachen.de/lufg/publications/files/2004-NoSEBrEaK.pdf NoSEBrEaK - Attacking Honeynets] | ||
+ | |||
+ | |||
+ | [[Category:OpenChaos]] |
Revision as of 01:06, 13 November 2004
Folien des OpenChaos unter File:Openchaos-honey.pdf
Contents
Honeynets
- "Track the tool, tactics and motives of the blackhat community"
- Erforschen von Attack Patterns und Angreifer-Verhalten
- Clifford Stoll: The Cuckoo's Egg
- Bill Cheswick, "An Evening with Berferd In which a Cracker is Lured, Endured, and Studied"
- The Honeynet Project
- The German Honeynet Project
- Ermittlung von Verwundbarkeiten mit elektronischen Ködern
Sebek
- Know Your Enemy: Sebek
- Hijack sys_read(), sende alles direkt an Treiber, verstecken des Moduls
Honeywall
- Data capture (tcpdump)
- Data control (blockieren von outgoing malicious traffic, verhindern von DoS)
honeyd
- "Low-interaction honeypot"
- Virtual TCP/IP-stack
- Sammeln von Attack-Patterns
NoSEBrEaK
- Detect, circumvent and disable Sebek
- NoSEBrEaK - Attacking Honeynets