[iwar] [fc:Hackers.to.the.honey:.Hackers.surround.the.Honeynet.like.bees.around.a.honey.pot]

From: Fred Cohen (fc@all.net)
Date: 2001-12-27 21:40:54



Hackers to the honey: Hackers surround the Honeynet like bees around a honey pot 
By Mark Ward, BBC News Online, 12/27/2001
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1464000/1464959.stm

A decoy computer network set up to record every attempt to crack it open
and subvert it has revealed just how active and determined malicious
hackers have become.

Statistics gathered by the network show that computers connected to the
web are scanned for weaknesses up to 14 times per day and that, on
average, an attempt will be made to break into a net-connected computer
every three days.

The good news is that this project has highlighted the attack patterns
used by hackers, which could help people predict when they are about to
face an assault.

The decoy network, made up from six machines, is operated out of the
back bedroom of Lance Spitzner, a computer consultant and security
expert.

Recorded attacks

His network is similar to thousands of others operated by small
businesses and technology enthusiasts that make up the network of
networks we know as the internet, with one significant exception.

The network set up and overseen by Mr Spitzner was specifically set up
to tempt malicious or "black hat" hackers into fiddling with it. When
they do, it records every action they take and every keystroke they
make.

Mr Spitzner set up the network as part of the Honeynet Project, which
aims to gather information about the working methods of black hat
hackers to aid organisations that want to avoid their attentions.

Too often, said Mr Spitzner, information was gathered in the wake of an
attack rather than before it occurred. The Honeynet should help redress
the balance.

Over the 11-month period from April 2000 to February 2001, the decoy
network has been gathering statistics on every attack on the network,
every successful takeover and all attempts to make it launch attacks on
someone else's behalf.

Predictable patterns

Although no attempt was made to advertise the existence of the network,
it was regularly discovered and attacked. "Theoretically this site
should see very little activity, as we do not advertise any services nor
the systems," said Mr Spitzner's report on the project. "However, attack
they do, and frequently.

"If your organisation has any value, or is advertised in any way, you
are most likely exposed to even greater threat," the report warns.

At busy times, the network was being scanned up to 14 times per day by
black hat hackers, using automated tools that probe the net's networks
looking for specific vulnerabilities.

The six computers making up the network were also regularly attacked by
crackers looking to see if they had well-known vulnerabilities patched
up.

The report said that, on average, any computer newly connected to the
web would only have to wait three days before hackers came calling. In
one instance, someone tried to crack open one of the Honeynet computers
a mere 15 minutes after it went online.

More honey

But the news is not all bad. The report reveals that because malicious
hackers are using automated tools to find and fiddle with networks, they
follow predictable attack patterns.

The report found a strong link between the type of scanning or probing a
network would suffer and the subsequent attacks that would be launched
upon it. Using these data, companies might be able to work out the
vulnerabilities of their networks and take action before the hackers
come to visit.

Mr Spitzner, a former tank commander and founding member of the Honeynet
Project, has been joined by a rough coalition of 30 others, including
security experts, psychologists, technologists and forensic scientists.

The report was released in advance of a book produced by Honeynet
members entitled Know Your Enemy, which is due to go on sale later this
year. Proceeds from the sale of the book will be used to establish
other, larger Honeynets, helping to gather more accurate statistics
about how malicious hackers ply their trade.




This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST