From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 27 Dec 2001 21:40:54 -0800 (PST)
Subject: [iwar] [fc:Hackers.to.the.honey:.Hackers.surround.the.Honeynet.like.bees.around.a.honey.pot]

Hackers to the honey: Hackers surround the Honeynet like bees around a honey pot
By Mark Ward, BBC News Online, 12/27/2001
<http://news.bbc.co.uk/hi/english/sci/tech/newsid_1464000/1464959.stm>

A decoy computer network set up to record every attempt to crack it open and subvert it has revealed just how active and determined malicious hackers have become.

Statistics gathered by the network show that computers connected to the web are scanned for weaknesses up to 14 times per day and that, on average, an attempt will be made to break into a net-connected computer every three days.

The good news is that this project has highlighted the attack patterns used by hackers, which could help people predict when they are about to face an assault.

The decoy network, made up from six machines, is operated out of the back bedroom of Lance Spitzner, a computer consultant and security expert.

Recorded attacks

His network is similar to thousands of others operated by small businesses and technology enthusiasts that make up the network of networks we know as the internet, with one significant exception.

The network set up and overseen by Mr Spitzner was specifically set up to tempt malicious or "black hat" hackers into fiddling with it. When they do, it records every action they take and every keystroke they make.

Mr Spitzner set up the network as part of the Honeynet Project, which aims to gather information about the working methods of black hat hackers to aid organisations that want to avoid their attentions.

Too often, said Mr Spitzner, information was gathered in the wake of an attack rather than before it occurred. The Honeynet should help redress the balance.

Over the 11-month period from April 2000 to February 2001, the decoy network has been gathering statistics on every attack on the network, every successful takeover and all attempts to make it launch attacks on someone else's behalf.

Predictable patterns

Although no attempt was made to advertise the existence of the network, it was regularly discovered and attacked.

"Theoretically this site should see very little activity, as we do not advertise any services nor the systems," said Mr Spitzner's report on the project. "However, attack they do, and frequently.

"If your organisation has any value, or is advertised in any way, you are most likely exposed to even greater threat," the report warns.

At busy times, the network was being scanned up to 14 times per day by black hat hackers, using automated tools that probe the net's networks looking for specific vulnerabilities.

The six computers making up the network were also regularly attacked by crackers looking to see if they had well-known vulnerabilities patched up.

The report said that, on average, any computer newly connected to the web would only have to wait three days before hackers came calling. In one instance, someone tried to crack open one of the Honeynet computers a mere 15 minutes after it went online.

More honey

But the news is not all bad. The report reveals that because malicious hackers are using automated tools to find and fiddle with networks, they follow predictable attack patterns.

The report found a strong link between the type of scanning or probing a network would suffer and the subsequent attacks that would be launched upon it.

Using these data, companies might be able to work out the vulnerabilities of their networks and take action before the hackers come to visit.

Mr Spitzner, a former tank commander and founding member of the Honeynet Project, has been joined by a rough coalition of 30 others, including security experts, psychologists, technologists and forensic scientists.

The report was released in advance of a book produced by Honeynet members entitled Know Your Enemy, which is due to go on sale later this year.

Proceeds from the sale of the book will be used to establish other, larger Honeynets, helping to gather more accurate statistics about how malicious hackers ply their trade.

This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST