Department of Computer Science & Engineering
Cryptography and Network Security Laboratory
The Need for IT Security
Increased connectivity has led to an increase in the frequency of cyber attacks.
The virulence of the security threats: the malicious attacks do not require sophisticated skills or hardware.
A 13-year-old boy ran a DDoS attack on www.grc.com.
Lack of expertise to address this challenge is cited as the root cause by the UK Information Security Breaches Survey, 2004, PWC.
Have You Seen?
Emails with unwanted attachments
PC/system not responding to you, but doing something on its own
PC becoming very slow
Mails asking you to verify your bank account details?
Mails talking about the hidden fortune of a dictator in Africa?
Someone copying an important file (design, quotation) from your PC without your knowledge
Attacks on Malaysian Corporates

Month     No. of Attacks  Growth
Dec 2004  6.7             8.2%
Jan 2005  25.5            278%
Feb 2005  15.4            39.7%

Source: Malaysian Computer Emergency Response Team website, www.mycert.org.my
Corporate Initiatives
Source: ZDnet IT Priority Survey
Priority for IT Security: security projects were priority #3 in 2004, 20% of the top projects.
In 2005, security implementations are expected to be 15% of future plans. (ZDnet)
Cryptography and Network Security Training Kit
iSecuriT Main Menu
Cryptography
Network Identification
Malware Tools
Web Vulnerabilities
Appendix A & B
Download
Benefits
Unique one-stop solution: a comprehensive training kit for various IT security topics
  Cryptography
  Network and system security threats
  Viruses & Trojans
  Web vulnerabilities
Comprehensive courseware: the training design and the courseware were created in collaboration with senior professors at Anna University, KBC, Chennai
Benefits (cont.)
Fifteen nodes can connect to the central control unit. Each node can act as a
  Black PC: runs cyber attacks or cripples normal network services, or as a
  Trusted PC: runs countermeasures to keep network services normal
Users work on managing network services under real-life cyber threats
Connect several PCs to emulate a network (Internet) and create the environment relevant to the topic for experiments
Isolated from the Internet or LAN
Cryptography
Cryptographic Concept
Cryptographic techniques are categorized as shown below.

Cryptography: RC4 (Rivest Cipher)
Symmetric encryption scheme, stream cipher
Same key (password) for encryption and decryption
Cryptography: RC4 - Communication
Cryptography: RC4 - Experiment: Encryption
Cryptography: RC4 - Experiment: Decryption
Cryptography: SDES (Simple Data Encryption Standard)
Symmetric encryption scheme, block cipher
DES uses 64-bit blocks with 56-bit keys
Simple DES uses a 10-bit key to generate two 8-bit keys
Plaintext is broken into blocks of 8 bits
Cryptography: SDES - SDES Key Generation
Cryptography: SDES - Experiment for SDES: Key Generation
Cryptography: SDES - Experiment for SDES: Encryption
Cryptography: SDES - Experiment for SDES: Decryption
Cryptography: 3DES (Triple DES)
3DES evolved to give more strength
Encrypt-decrypt-encrypt process for a full data encryption
3 keys given for the 3 DES operations

Cryptography: 3DES - Experiment for 3DES: Encryption
Cryptography: Triple DES - Experiment for 3DES: Decryption
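An added example (not the kit's own code) serving both the SDES slides and the 3DES slides above: Simplified DES with the 10-bit key schedule (P10, shift, P8) that yields the two 8-bit round keys, the two-round Feistel block function on 8-bit blocks, and on top of it the encrypt-decrypt-encrypt construction of Triple DES with three independent keys. The permutation tables and S-boxes are the standard S-DES ones; bits are carried as "0"/"1" strings so each step can be read off directly.

```python
# Added example (not the kit's own code): Simplified DES (S-DES) as in the slides
# (10-bit key -> two 8-bit round keys, 8-bit blocks) plus Triple-S-DES in EDE form.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))

def permute(bits: str, table) -> str:
    """Reorder a bit string; table entries are 1-based source positions."""
    return "".join(bits[i - 1] for i in table)

def rotl(bits: str, n: int) -> str:
    return bits[n:] + bits[:n]

def sdes_keys(key10: str):
    """Key generation: P10, then LS-1 -> P8 gives K1, LS-2 more -> P8 gives K2."""
    k = permute(key10, P10)
    l, r = rotl(k[:5], 1), rotl(k[5:], 1)
    k1 = permute(l + r, P8)
    l, r = rotl(l, 2), rotl(r, 2)
    k2 = permute(l + r, P8)
    return k1, k2

def _sbox(nibble: str, box) -> str:
    row, col = int(nibble[0] + nibble[3], 2), int(nibble[1] + nibble[2], 2)
    return format(box[row][col], "02b")

def f_k(l: str, r: str, subkey: str):
    """One Feistel round: expand R, XOR subkey, S-boxes, P4, XOR into L."""
    x = format(int(permute(r, EP), 2) ^ int(subkey, 2), "08b")
    out = permute(_sbox(x[:4], S0) + _sbox(x[4:], S1), P4)
    return format(int(l, 2) ^ int(out, 2), "04b"), r

def sdes_block(block8: str, k1: str, k2: str) -> str:
    """Encrypt one 8-bit block with round keys (k1, k2); pass (k2, k1) to decrypt."""
    b = permute(block8, IP)
    l, r = f_k(b[:4], b[4:], k1)
    l, r = f_k(r, l, k2)            # swap halves, then the second round
    return permute(l + r, IP_INV)

def sdes_encrypt(p: str, key10: str) -> str:
    k1, k2 = sdes_keys(key10)
    return sdes_block(p, k1, k2)

def sdes_decrypt(c: str, key10: str) -> str:
    k1, k2 = sdes_keys(key10)
    return sdes_block(c, k2, k1)

def triple_sdes_encrypt(p: str, key_a: str, key_b: str, key_c: str) -> str:
    """EDE: encrypt with key A, decrypt with key B, encrypt with key C."""
    return sdes_encrypt(sdes_decrypt(sdes_encrypt(p, key_a), key_b), key_c)

def triple_sdes_decrypt(c: str, key_a: str, key_b: str, key_c: str) -> str:
    """Undo EDE in reverse order: decrypt with C, encrypt with B, decrypt with A."""
    return sdes_decrypt(sdes_encrypt(sdes_decrypt(c, key_c), key_b), key_a)
```

The key 1010000010 gives K1 = 10100100 and K2 = 01000011, the textbook S-DES worked example, and plaintext 10111101 encrypts to 01110101 under it; decryption is the same block function with the round keys in reverse order, which is also why the middle operation of EDE can be a decryption.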
Cryptography: RSA (Asymmetric Block Cipher)
Asymmetric encryption scheme, block cipher
Separate keys for encryption (public key) and decryption (private key): no need to disclose the private key to anyone, and so considered more secure

Cryptography: RSA - Communication
Cryptography: RSA (Asymmetric Block Cipher) - Experiment for RSA: Key Generation
Cryptography: RSA (Asymmetric Block Cipher)
Cryptography: MD5 (Message Digest)
Message Digest Algorithm
A one-way function to use with signatures, certifications, downloadable applications
Computes a 128-bit value from input data of any length, a binary or a text
Even a bit/byte change in the input can cause a considerable change in the 128-bit output
Makes life difficult when anyone alters the content of the file
Example: attaching a virus to a game file or a utility, changing the contents of a document
Cryptography: MD5
Operation:
Splits message/data into 512-bit blocks
Appends bits at the end to make the message a multiple of 512-bit blocks
Uses a 128-bit initial vector with the 1st 512-bit block and computes MD5
Uses the previous block's MD5 (128-bit value) for successive block computation and arrives at a final 128-bit message digest value
Cryptography: MD5 - Experiment for MD5: Message Input
Cryptography: MD5 - Experiment for MD5: Operation with Y Bits
Cryptography: MD5 - Experiment for MD5: Operation with Each Block
Cryptography: Block Cipher Modes (ECB)
Electronic Code Book (ECB)
Encrypt/decrypt individual blocks
Each byte is encrypted by the key
(Figures: Encryption, Decryption)

Cryptography: Block Cipher Modes (ECB) - Experiment for ECB: Encryption Mode
Cryptography: Block Cipher Modes (ECB) - Experiment for ECB: Decryption Mode
Cryptography: Block Cipher Modes (CBC)
Cipher Block Chaining (CBC)
XOR the previous block's cipher text with the current plaintext block and then encrypt to get the current cypher text
Needs an initial chaining vector (ICV) for the first block, and this needs to be changed to avoid revealing the initial pattern
(Figures: Encryption, Decryption)
Cryptography: Block Cipher Modes (CFB)
Cipher FeedBack (CFB)
Encrypt the previous block's cypher text and then XOR with the block of plaintext to get the cypher text
This also needs an ICV for the first encrypted block
(Figures: Encryption, Decryption)

Cryptography: Block Cipher Modes (CFB) - Experiment for CFB: Encryption Mode
Cryptography: Block Cipher Modes (OFB)
Output FeedBack (OFB)
Same as CFB, except that what is fed back is the cipher output of the previous block, taken before it gets XORed with its plaintext
(Figures: Encryption, Decryption)
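An added example (not the kit's own code) covering the four mode slides above: ECB, CBC, CFB and OFB written over a pluggable block cipher so the chaining rules can be compared line by line. The block cipher is a constructed toy (a keyed affine map on single bytes, so here "each byte is encrypted by the key" is literally true); it exists only to exercise the modes and has no security value. The last function counts repeated ciphertext blocks, which is how ECB's pattern leakage, and the CBC slide's point about changing the ICV, show up in practice.

```python
# Added example (not the kit's own code): ECB/CBC/CFB/OFB over a toy 1-byte
# block cipher, constructed only so the four chaining rules can be compared.

def toy_cipher(key: int):
    """Return (enc, dec) for a toy 8-bit block cipher: b -> 167*b + key mod 256.
    167 is odd, so the map is a permutation; 23 is its inverse mod 256."""
    inv = pow(167, -1, 256)
    enc = lambda b: (167 * b + key) & 0xFF
    dec = lambda c: (inv * (c - key)) & 0xFF
    return enc, dec

def ecb_encrypt(enc, data: bytes) -> bytes:
    return bytes(enc(b) for b in data)          # blocks independent: equal in -> equal out

def ecb_decrypt(dec, data: bytes) -> bytes:
    return bytes(dec(c) for c in data)

def cbc_encrypt(enc, icv: int, data: bytes) -> bytes:
    out, prev = bytearray(), icv
    for b in data:
        prev = enc(b ^ prev)                    # XOR previous cipher text, then encrypt
        out.append(prev)
    return bytes(out)

def cbc_decrypt(dec, icv: int, data: bytes) -> bytes:
    out, prev = bytearray(), icv
    for c in data:
        out.append(dec(c) ^ prev)               # decrypt, then XOR previous cipher text
        prev = c
    return bytes(out)

def cfb_encrypt(enc, icv: int, data: bytes) -> bytes:
    out, prev = bytearray(), icv
    for b in data:
        prev = enc(prev) ^ b                    # encrypt previous cipher text, XOR plaintext
        out.append(prev)
    return bytes(out)

def cfb_decrypt(enc, icv: int, data: bytes) -> bytes:
    """CFB decryption uses the forward cipher as well, never dec()."""
    out, prev = bytearray(), icv
    for c in data:
        out.append(enc(prev) ^ c)
        prev = c
    return bytes(out)

def ofb_crypt(enc, icv: int, data: bytes) -> bytes:
    """OFB: feed back the cipher output *before* the XOR; same call both ways."""
    out, prev = bytearray(), icv
    for b in data:
        prev = enc(prev)
        out.append(prev ^ b)
    return bytes(out)

def repeated_blocks(ct: bytes) -> int:
    """Number of cipher-text blocks that duplicate an earlier one (pattern leakage)."""
    return len(ct) - len(set(ct))
```

Eight identical plaintext bytes give seven repeated ciphertext blocks under ECB and none under CBC with the ICV used in the test; changing only the ICV changes the whole CBC output, which is the slide's reason for not reusing it.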
Web Services Using Crypto Techniques
PKI
Extension of RSA
Uses a certification mechanism by which public and private keys are obtained:
Public and private key pairs are obtained through a Trusted Authority: Root Certifying Authority (Root CA); Sub CA.
  Root CA -> Sub CA -> Entity Certificate
Avoids any attacks like Man-in-the-Middle while passing the public key
Both keys are in the form of certificates that can be stored in systems
No need to remember lengthy n and d values to decrypt
MD5 also used to digitally sign those certificates to avoid alteration
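An added example (not the kit's own code) that serves both the RSA slides and the PKI slide above: textbook RSA key generation, encryption and decryption with the n and d values the PKI slide mentions, followed by a miniature certificate chain (Root CA, Sub CA, entity certificate) in which each certificate is signed with its issuer's private key over an MD5 digest of the certificate body, and a verifier that walks the chain back to a trusted root. The primes are fixed Mersenne primes and 10^9+7, chosen so the arithmetic is readable; the moduli are far too small for real use and the "hash mod n" signature is the bare textbook form, not a padded standard.

```python
# Added example (not the kit's own code): textbook RSA plus a toy PKI chain
# signed over MD5 digests, as the RSA and PKI slides describe. Demo only.
import hashlib

# Constructed prime choices (Mersenne primes and 10**9+7); far too small for real use.
M31, M61, M89, M107, M127 = 2**31 - 1, 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
P_BIG = 10**9 + 7

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return (public, private) as (e, n) and (d, n); d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # ValueError if gcd(e, phi) != 1
    return (e, n), (d, n)

def rsa_encrypt(public, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)

def cert_digest(subject: str, public) -> int:
    """MD5 over the certificate body (subject and public key) as an integer."""
    body = f"{subject}|{public[0]}|{public[1]}".encode()
    return int.from_bytes(hashlib.md5(body).digest(), "big")

def issue_cert(subject: str, public, issuer: str, issuer_private):
    """A certificate: body plus the issuer's RSA signature over the body digest."""
    d, n = issuer_private
    sig = pow(cert_digest(subject, public) % n, d, n)   # toy: digest reduced mod n
    return {"subject": subject, "public": public, "issuer": issuer, "sig": sig}

def verify_chain(chain, root_public) -> bool:
    """chain[0] is the entity cert, chain[-1] the root. Each cert is checked with
    the next cert's public key; the root is checked against the trusted root key,
    which is what stops a man-in-the-middle from substituting a public key."""
    for i, cert in enumerate(chain):
        issuer_public = chain[i + 1]["public"] if i + 1 < len(chain) else root_public
        e, n = issuer_public
        if pow(cert["sig"], e, n) != cert_digest(cert["subject"], cert["public"]) % n:
            return False
    return True

def demo():
    """Build Root CA -> Sub CA -> entity certificate with constructed keys."""
    root_pub, root_priv = rsa_keygen(M89, M107)
    sub_pub, sub_priv = rsa_keygen(M61, M127)
    ent_pub, ent_priv = rsa_keygen(M31, P_BIG)
    root_cert = issue_cert("Root CA", root_pub, "Root CA", root_priv)     # self-signed
    sub_cert = issue_cert("Sub CA", sub_pub, "Root CA", root_priv)
    ent_cert = issue_cert("ftp.lab.example", ent_pub, "Sub CA", sub_priv)  # constructed name
    return {"chain": [ent_cert, sub_cert, root_cert],
            "root_public": root_pub, "entity_private": ent_priv}
```

The first check is the common textbook pair p = 61, q = 53, e = 17 (n = 3233, d = 2753, 65 encrypts to 2790); the chain checks show a valid chain verifying and the same chain failing once the entity's public key has been swapped, since the Sub CA's signature no longer matches.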
Web Services Using Crypto Techniques
PKI: Experiment - Certification Creation

Web Services Using Crypto Techniques
PKI: Application

Web Services Using Crypto Techniques
Authentication schemes
Password or IP user login: user id and password matching or IP address matching to allow the user.
Web Services Using Crypto Techniques
Steganography
Art & science of hiding data within other data like image files, audio files, html files, without revealing any clue of such hidden info during normal usage of such a file.
Contrast to cryptography: encrypted data will indicate in some form that encryption took place
Is in practice for a very long time; dates back to several centuries
  Writing a message with materials like lime juice which will not be seen with the naked eye
  Etching messages in small pieces of wood and waxing them to look like tablets
  Hiding in normal text itself
  Messages shrunk to the size of dots and hidden in character dots such as i, j etc.
Web Services Using Crypto Techniques
Steganography
Two types:
Insertion: using the LSB of image files
Transformation: mathematical transformations
Web Services Using Crypto Techniques
Steganography
Experimentation allows user to:
Input the text file that needs to be hidden and the jpeg image file that carries the hidden text
Select the order of embedding: linear or shuffled
Select the encrypt option to use the F5 algorithm to embed data in the image file
Suggestions:
Embed a text file using the linear or shuffled option and compare the result with the original image file for any clarity degradation with the naked eye
Increase the text file size for a given image file and compare the clarity as said above
Use a uniform coloured image file, say a single coloured, dark or light, and check for clarity of the image
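An added example (not the kit's own code) of the insertion type from the slides: LSB steganography with the linear and shuffled embedding orders the experiment offers. It works on a constructed buffer of grayscale pixel bytes standing in for a lossless image; JPEG, where the kit's F5 algorithm embeds in the DCT domain, is not handled here. A 32-bit length header is embedded first so the extractor knows how much to read, and the shuffled order is a key-seeded permutation of pixel positions.

```python
# Added example (not the kit's own code): LSB insertion steganography on a
# constructed pixel buffer, with linear and shuffled (key-seeded) orders.
import random

def make_carrier(n_pixels: int, seed: int = 1) -> bytes:
    """Constructed grayscale carrier: n_pixels random bytes, stand-in for an image."""
    return bytes(random.Random(seed).randrange(256) for _ in range(n_pixels))

def _order(n_pixels: int, n_bits: int, shuffled: bool, seed: int):
    """Pixel indices that carry the payload bits: the first n_bits pixels
    (linear) or a seed-determined permutation of all pixels (shuffled)."""
    idx = list(range(n_pixels))
    if shuffled:
        random.Random(seed).shuffle(idx)
    return idx[:n_bits]

def _bits(data: bytes):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def capacity_bytes(pixels: bytes) -> int:
    """Payload bytes that fit: one bit per pixel, minus the 32-bit header."""
    return max(0, (len(pixels) - 32) // 8)

def embed(pixels: bytes, payload: bytes, shuffled: bool = False, seed: int = 0) -> bytes:
    """Hide a 32-bit length header plus payload in the LSB of one pixel per bit."""
    if len(payload) > capacity_bytes(pixels):
        raise ValueError("payload too large for this carrier")
    bits = _bits(len(payload).to_bytes(4, "big") + payload)
    out = bytearray(pixels)
    for bit, i in zip(bits, _order(len(pixels), len(bits), shuffled, seed)):
        out[i] = (out[i] & 0xFE) | bit            # each pixel value moves by at most 1
    return bytes(out)

def extract(pixels: bytes, shuffled: bool = False, seed: int = 0) -> bytes:
    """Read LSBs back in the same order; the header says how many bytes follow."""
    def read(n_bits):
        bits = [pixels[i] & 1 for i in _order(len(pixels), n_bits, shuffled, seed)]
        return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, n_bits, 8))
    length = int.from_bytes(read(32), "big")
    if length > capacity_bytes(pixels):
        raise ValueError("no valid payload found (wrong order/seed or nothing embedded)")
    return read(32 + length * 8)[4:]

def max_pixel_change(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between carrier and stego image."""
    return max(abs(x - y) for x, y in zip(a, b))
```

The per-pixel change never exceeds 1, which is why the experiment asks you to look for degradation with the naked eye on a uniform-coloured image, where even LSB noise becomes visible; linear embedding concentrates all changes at the start of the buffer, shuffled embedding spreads them.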
Web Services Using Crypto Techniques
Steganography
Experiment for
Network Identification
Network Enumeration
Discovery of remote hosts or systems in a network
First step normally taken by network administrators and hackers for their own purposes
Purpose:
System identification
  Internet Control Messaging Protocol (ICMP) packets or TCP/IP in some cases used for this
  Ping sweep, ICMP ping, TCP ping techniques are used
Port scanning and services identification
  Ports are virtual entry and exit ways for data transfer between host and client
  Standard services like HTTP, FTP, SSH etc. use standard ports like 80, 21, 22 while other applications/services can use anything between 1024~64K
  TCP packets and sometimes UDP packets are used to scan ports
OS detection
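An added example (not the kit's own code) from the defender's side of the port scanning described above: a detector run over constructed connection-log lines that flags a source touching many distinct ports on one host within a short window, which is what a scan looks like to the target's administrator. The log format, addresses, window and threshold are all assumptions for this example.

```python
# Added example (not the kit's own code): port-scan detection over constructed
# connection-log lines. Format, addresses and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2005-02-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=21 proto=tcp
2005-02-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=22 proto=tcp
2005-02-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=23 proto=tcp
2005-02-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=25 proto=tcp
2005-02-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=80 proto=tcp
2005-02-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=110 proto=tcp
2005-02-01T10:00:04 src=10.0.0.5 dst=10.0.0.20 dport=135 proto=tcp
2005-02-01T10:00:04 src=10.0.0.5 dst=10.0.0.20 dport=139 proto=tcp
2005-02-01T10:00:05 src=10.0.0.5 dst=10.0.0.20 dport=443 proto=tcp
2005-02-01T10:00:05 src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp
2005-02-01T10:00:07 src=10.0.0.5 dst=10.0.0.20 dport=3306 proto=tcp
2005-02-01T10:00:09 src=10.0.0.7 dst=10.0.0.20 dport=80 proto=tcp
2005-02-01T10:00:15 src=10.0.0.7 dst=10.0.0.20 dport=80 proto=tcp
2005-02-01T10:00:16 src=10.0.0.7 dst=10.0.0.20 dport=443 proto=tcp
2005-02-01T10:05:00 src=10.0.0.9 dst=10.0.0.21 dport=22 proto=tcp
"""

def parse_line(line: str):
    """'<iso-time> key=value ...' -> (timestamp, src, dst, dport)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"])

def detect_port_scans(log_text: str, window_seconds: int = 60, min_ports: int = 10):
    """Return {(src, dst): max distinct ports seen in any window} for pairs that
    reach min_ports distinct destination ports within window_seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, items in events.items():
        items.sort()
        start = 0
        for end in range(len(items)):               # sliding window over time
            while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in items[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts
```

A normal client (10.0.0.7 above) revisits a couple of service ports, a scanner (10.0.0.5) walks many ports in seconds; slow scans spread over hours defeat a fixed window, so the threshold and window are tuning knobs, not constants.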
Network Identification
Network Enumeration
Experimentation allows user to:
Identify the systems/hosts that are up and running in the iSECURIT network
Identify open ports of a host in the iSECURIT network without the knowledge of anyone using it
Guess the OS running in such hosts
Suggestions:
Use these techniques to identify hosts, ports in the DoS attack experiment
Network Identification
Network Enumeration
Network/System Threats: DoS
1) Operating System Attack
Attacks bugs in specific operating systems, and can be fixed with patches

Network/System Threats: DoS
2) Networking Attack
Exploits inherent limitations of networking and may require firewall protection
Network/System Threats: DoS
Deny users access to services such as FTP, HTTP
Send a huge number of requests in several ways to a particular service or an OS and make it slow or crash, thereby denying service to legitimate users
Types:
OS attack: exploits bugs in the OS and tries attacking it
  Usually solved by the OS vendors by means of patches, but new bugs crop up and so the attack continues
Network/System Threats: DoS
Network attack
Smurf attack: spoof the victim's IP address and flood with ICMP ping requests
TCP SYN attack: only initiate the TCP handshake and cause the server to queue acknowledgements, thereby making it slow or crash
  Send several TCP SYN packets with a false sender IP address to the server and make it time out in sending acknowledgements; this creates an ack queue and so slows it down
Ping of death attack (oversized packet attack): now reduced due to software updates by vendors which safely discard oversized TCP packets in the Ping command
GET DoS attack: attack port 80 (HTTP service) by establishing several GET requests, usually from several machines (Distributed DoS)
Network/System Threats: DoS
Experimentation allows user:
To attack a FTP service through port 21 and make it deny the service after some time
User can also have a feel of a DoS attack by seeing the number of connections established to the hosts under attack by using an OS internal command, netstat
Suggestions:
Attack the FTP port in Windows and compare the response with that of a Linux system
Try attacking the HTTP port at port 80 in Windows and Linux

Network/System Threats: DDoS
Attack a service from several machines which may be distributed in a network/internet, all attacking at the same time
Cracker plants attacking agents/software codes in several machines without the users' knowledge by way of Trojans/worms and may trigger all of them through a backdoor to attack a service at the same time
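An added example (not the kit's own code) of the observation step the DoS experiment suggests: parsing netstat-style output on the host under attack and reporting, per local port, how many connections sit half-open (SYN_RECV) versus established, which is how a TCP SYN flood against the FTP port looks from the target, and how many distinct sources the half-open connections claim, which is the DDoS slide's "several machines" seen from the receiving end. The sample lines and threshold are constructed.

```python
# Added example (not the kit's own code): half-open connection report from
# constructed netstat-style output, the view a target has of a SYN flood.
from collections import defaultdict

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.20:21            10.0.0.5:40001          SYN_RECV
tcp        0      0 10.0.0.20:21            10.0.0.5:40002          SYN_RECV
tcp        0      0 10.0.0.20:21            172.16.3.9:51000        SYN_RECV
tcp        0      0 10.0.0.20:21            172.16.3.9:51001        SYN_RECV
tcp        0      0 10.0.0.20:21            192.0.2.77:6000         SYN_RECV
tcp        0      0 10.0.0.20:21            10.0.0.7:45000          ESTABLISHED
tcp        0      0 10.0.0.20:22            10.0.0.9:50000          ESTABLISHED
tcp        0      0 10.0.0.20:80            10.0.0.7:45010          TIME_WAIT
"""

def parse_netstat(text: str):
    """Yield (local_port, remote_ip, state) for tcp lines; header and other rows skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        local, foreign, state = parts[3], parts[4], parts[5]
        yield int(local.rsplit(":", 1)[1]), foreign.rsplit(":", 1)[0], state

def half_open_report(text: str):
    """Per local port: SYN_RECV and ESTABLISHED counts plus distinct SYN_RECV sources."""
    report = defaultdict(lambda: {"SYN_RECV": 0, "ESTABLISHED": 0, "syn_sources": set()})
    for port, remote, state in parse_netstat(text):
        if state in ("SYN_RECV", "ESTABLISHED"):
            report[port][state] += 1
        if state == "SYN_RECV":
            report[port]["syn_sources"].add(remote)
    return dict(report)

def flooded_ports(text: str, min_half_open: int = 5):
    """Ports whose half-open backlog reaches the threshold. Many distinct
    sources on one port point at spoofed addresses or a distributed attack."""
    return sorted(port for port, r in half_open_report(text).items()
                  if r["SYN_RECV"] >= min_half_open)
```

The legitimate FTP session (ESTABLISHED) is outnumbered five to one by half-open entries, which is the queue of unanswered handshakes the SYN attack slide describes; the three claimed sources for those five entries are what to compare against the number of agents used in the DDoS experiment.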
Network/System Threats: DDoS
Experiment suggests performing a DDoS attack from several machines connected to iSECURIT on a FTP service
Suggestion:
Compare the time taken between DoS and DDoS to bring down the FTP service; use at least 3 agents to attack under DDoS
Network/System Threats: Sniffing
Capture TCP/IP packets that pass in a network
  For analysis in case of an administrator
  For stealing data in case of a hacker
Broadcast packets can be captured in a switched environment
Specific IP packets which do not come in the vicinity of the sniffing system, in a switched environment, cannot be captured
Switch may be made to broadcast all packets and the sniffer will then capture them: MAC flooding
Network/System Threats: Sniffing
Sniffers usually have analyzers built in
A variety of packets (TCP, ARP, UDP, ICMP) will be traveling in a network and so categorizing them is part of the analyzing tool
Sniffing can be prevented by
  using Secure Shell (SSH) connections for FTP, TELNET access
  Pretty Good Privacy (PGP) or PKI or Secure Multipurpose Internet Mail Extension (S/MIME) for e-mail
  Secure Socket Layer (SSL) for browsers
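An added example (not the kit's own code) of the categorizing step the slide above attributes to a sniffer's analyzer: minimal Ethernet and IPv4 header parsing that labels each frame TCP, UDP, ICMP or ARP, plus a helper that pulls the IPv4 addresses out. The frames are constructed byte strings built by two small helpers, so the block runs without a capture interface; MAC addresses, IP addresses and payloads are constructed.

```python
# Added example (not the kit's own code): packet-type classification of the
# kind a sniffer's analyzer does, over constructed Ethernet/IPv4 frames.
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify_frame(frame: bytes) -> str:
    """Return 'ARP', 'TCP', 'UDP', 'ICMP' or 'OTHER' for one Ethernet frame."""
    if len(frame) < 14:                              # Ethernet header: 6+6+2 bytes
        return "OTHER"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return "ARP"
    if ethertype != ETH_IPV4 or len(frame) < 34:     # needs a 20-byte IPv4 header
        return "OTHER"
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        return "OTHER"
    return IP_PROTO.get(ip[9], "OTHER")              # byte 9 is the protocol field

def ipv4_addresses(frame: bytes):
    """(src, dst) dotted addresses of an IPv4 frame, or None for anything else."""
    if classify_frame(frame) in ("TCP", "UDP", "ICMP"):
        ip = frame[14:]
        return ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    return None

def summarize(frames):
    """Count frames by type, the simple feedback the experiment's tool gives."""
    counts = {}
    for f in frames:
        kind = classify_frame(f)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# ---- constructed sample frames (MACs, IPs and payloads are made up) ----
def _eth(ethertype: int, payload: bytes) -> bytes:
    return bytes.fromhex("001111111111" "002222222222") + struct.pack("!H", ethertype) + payload

def _ipv4(proto: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return header + payload

SAMPLE_FRAMES = [
    _eth(ETH_IPV4, _ipv4(6, "10.0.0.5", "10.0.0.20", b"\x00\x15" * 10)),   # TCP
    _eth(ETH_IPV4, _ipv4(17, "10.0.0.7", "10.0.0.20", b"\x00\x35" * 4)),   # UDP
    _eth(ETH_IPV4, _ipv4(1, "10.0.0.9", "10.0.0.20", b"\x08\x00" * 4)),    # ICMP
    _eth(ETH_ARP, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),      # ARP request
]
```

Classification stops at the protocol field on purpose; the experiment's "complete packet dump" is where a user goes on to read ports and payloads, and it is that payload visibility the slide's SSH, PGP/S/MIME and SSL recommendations are meant to remove.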
Network/System Threats: Sniffing
Experimentation allows user to capture several packets passing across 2 different networks in iSECURIT and gives simple feedback about the packet type.
Complete packet dump is also available for the user to try analysing it on their own
Suggestion:
Send a Ping command across 2 networks and capture packets with the packet sniffer tool and analyse its contents
Use the mail sniffer application to capture packets sent by a mail client: send text mail and encrypted mail
Network/System Threats: Spoofing
Method to gain access to another computer pretending to be a trusted user
Types:
IP spoofing: change the sender IP address to a trusted IP address and send packets
MAC spoofing: change the MAC address to another NIC's MAC address and send packets to fool the receiver
  If it is an unknown MAC address, the switch will send ARP packets and the spoofing machine can send a false IP address and then start IP spoofing
Network/System Threats: Spoofing
Web spoofing: act of tricking the web browser to talk to a hacker server to collect data
  Using web scripts in web pages can be the starting point for web spoofing
Email spoofing: change a sender's name to a name known to the recipient and then try to send unwanted data, malicious codes
Network/System Threats: Spoofing
Experimentation allows user:
To do IP spoof and MAC spoof
Capture IP packets using the Ethereal application at the destination machine and observe the packet's sender address
Suggestion:
While doing the IP spoofing, try with an existing IP in the network and an unknown IP and observe the condition in the network using Ethereal
Malware Tools
Trojans, Dropper & Backdoors
Malicious codes arriving into a system/PC, like the Trojan horse story
Malicious codes come along with a normal application (a game or a utility) and get dropped when the app is executed
The dropped codes will become active and open up a door (backdoor) to set up a connection to the hacker system
Can do other functions, pass on to other systems in the net depending on the hacker's intention
Backdoor access is also used by remote control applications for administration purposes or for license management of an application
Malware Tools
Trojans, Dropper & Backdoors
(Figure: the user PC downloads an application (for example a game) from a remote download server or a hacker server hosting free applications for download; the game is hooked up with a Trojan, the dropper pretending to be the game; once activated, the Trojan connects to the remote PC (backdoor), which is listening for packets and reconstructs them (eavesdropping).)
Malware Tools
Trojans, Dropper & Backdoors
Experimentation involves
Downloading a sample game that also has a malicious code (Trojan)
The Trojan gets dropped in the client system when the sample game is executed
The malicious code then connects to the hacker system through a port (called a backdoor as it is opened by a malicious code) to give access to the hacker
A configuration file is also available with the downloaded game in which the user (as a hacker) can change the IP address of the system through which the affected system can be controlled; the hacker system can then control this game system
Malware Tools
Trojans, Dropper & Backdoors
Suggestions:
Try sending a sensitive file to the hacker system through the backdoor by specifying the file name in the configuration file
See if an anti-virus tool detects these malicious code activities
Observe this malicious code running momentarily in the Windows Task Manager's Processes tab
VIRUS: Vital Information Resources Under Siege
Malicious codes doing unwanted actions with files or systems and also passing on to infect other systems through e-mails, files or media
Classification
Boot sector, file type, macro, script, parasitic, stealth, polymorphic viruses
AV methods
Scanning for known signature patterns
Checksum scanning for file integrity
Heuristic scan to differentiate between normal and malicious activity
Behaviour blockers: reside in memory to detect unusual memory patterns in allocation or usage
Malware Tools: Virus & AV Methods
Experimentation allows user:
To select a file and get a known harmless signature attached to it
Detect the presence of the signature by scanning, and
Check the file integrity (using MD5) before and after attaching the virus
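An added example (not the kit's own code) serving the AV methods slide and the experiment above: the first two methods, signature scanning and checksum (MD5) integrity checking, run over constructed in-memory "files". The signature is a harmless constructed marker standing in for the kit's known harmless test signature, so nothing malicious is involved; file names and contents are constructed.

```python
# Added example (not the kit's own code): signature scanning and MD5 integrity
# checking over constructed in-memory files, mirroring the experiment's steps.
import hashlib

# Constructed marker playing the role of a known harmless test signature.
TEST_SIGNATURE = b"ISECURIT-HARMLESS-TEST-SIGNATURE"
SIGNATURES = {"harmless-test-marker": TEST_SIGNATURE}

def attach_signature(content: bytes) -> bytes:
    """The experiment's step of appending the known signature to a chosen file."""
    return content + TEST_SIGNATURE

def scan_for_signatures(content: bytes):
    """Signature scanning: names of every known pattern found in the content."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in content)

def md5_baseline(files):
    """Checksum scanning, step 1: record each file's MD5 while it is known-good."""
    return {name: hashlib.md5(data).hexdigest() for name, data in files.items()}

def integrity_changes(files, baseline):
    """Checksum scanning, step 2: files whose current MD5 differs from, or is
    missing from, the recorded baseline. Catches changes no signature knows."""
    return sorted(name for name, data in files.items()
                  if baseline.get(name) != hashlib.md5(data).hexdigest())

def demo():
    """Baseline two files, 'infect' one with the test signature, then run both checks."""
    files = {"game.exe": b"MZ\x90\x00" + b"\x00" * 60,        # constructed stand-in
             "notes.txt": b"quotation for March\n"}
    baseline = md5_baseline(files)
    before = baseline["game.exe"]
    files["game.exe"] = attach_signature(files["game.exe"])
    after = hashlib.md5(files["game.exe"]).hexdigest()
    return {"hits": {name: scan_for_signatures(data) for name, data in files.items()},
            "changed": integrity_changes(files, baseline),
            "md5_before": before, "md5_after": after}
```

The two methods fail differently: the signature scan only finds patterns it already knows, the integrity check flags any change but cannot say what the change is, which is why the slide lists heuristics and behaviour blockers as the remaining methods.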
Web Vulnerabilities
Web Based Password Capturing
Web Vulnerabilities: SQL Injection
Web Vulnerabilities: Buffer Overflow
Web Vulnerabilities: Honeypots
A decoy system that is designed to lure an attacker away from a critical system
Attacker thinks that it may be a real system and tries all mischievous techniques
These steps are captured for analysis to understand the attacker's motive, activity
Types:
Low interaction
  Emulates only limited services and OS; attacker's activity is limited to the level of emulation
  Ex: an emulated FTP service listening on port 21 and all interactions limited only to FTP
High interaction
  Emulates a real setup including all applications and services and gives a real environment for attackers
  Helps to learn the full behaviour of an attacker
Web Vulnerabilities: Honeypots
Usage:
Production
  To protect the systems that are in real use in networks by diverting the attacker/automated attack to a honeypot and slowing down the attack process
  Usually monitors unused IPs, looks for unwanted scanning to those IPs by attackers and slows down the spread of attack to other systems
Research
  To collect or log all the activities an attacker tries out in those systems for further research purpose
Web Vulnerabilities: Honeypots
Experimentation allows:
Setting up a single honeypot system and trying various commands that one can think of as a hacker
  say various password and user id combinations to gain access to a system
  listing the files in a folder, deleting some of them etc.
Entry to the system after a few tries of different passwords for FTP or Telnet access to that system
Viewing the log files it creates and observing the list of all the tried commands right from gaining entry to the system
Note:
This experiment assumes that the hacker is routed to the honeypot system by the firewall
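An added example (not the kit's own code) serving the low-interaction type from the Types slide and the experiment above: an emulated FTP service whose interaction is limited to the FTP command level, which records every command and login attempt, refuses real access, and, as the experiment describes, lets the session in after a few password tries so the later commands get logged too. It is written as a pure session state machine (feed a command line, get the reply and a log entry) so it runs without sockets; user names, replies and the decoy file names are constructed.

```python
# Added example (not the kit's own code): a low-interaction FTP honeypot session
# as a state machine. Everything is emulated and logged; no real file system.

class FtpHoneypotSession:
    BANNER = "220 FTP server ready"
    FAKE_FILES = ["design.dwg", "quotation.xls", "notes.txt"]   # constructed decoys

    def __init__(self, peer: str, allow_after: int = 3):
        self.peer = peer                 # who connected, for the log
        self.allow_after = allow_after   # grant "entry" after this many PASS tries
        self.attempts = 0
        self.user = None
        self.logged_in = False
        self.log = [f"{peer} CONNECT"]

    def handle(self, line: str) -> str:
        """Process one command line; returns the FTP reply and appends to the log."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        self.log.append(f"{self.peer} CMD {cmd} {arg}".rstrip())
        if cmd == "USER":
            self.user = arg
            return "331 Password required"
        if cmd == "PASS":
            self.attempts += 1
            self.log.append(f"{self.peer} LOGIN user={self.user!r} password={arg!r} try={self.attempts}")
            if self.attempts >= self.allow_after:
                self.logged_in = True
                return "230 Login successful"
            return "530 Login incorrect"
        if not self.logged_in:
            return "530 Please login with USER and PASS"
        if cmd in ("LIST", "NLST"):
            return ("150 Here comes the directory listing\r\n"
                    + "\r\n".join(self.FAKE_FILES) + "\r\n226 Directory send OK")
        if cmd == "DELE":
            # Pretend to comply so the intent is recorded; nothing is deleted.
            return "250 Delete operation successful" if arg in self.FAKE_FILES else "550 No such file"
        if cmd == "QUIT":
            return "221 Goodbye"
        return "502 Command not implemented"   # the limit of the emulation

def run_session(peer: str, lines):
    """Drive a whole session; returns (replies, log) for analysis."""
    session = FtpHoneypotSession(peer)
    replies = [session.BANNER] + [session.handle(line) for line in lines]
    return replies, session.log

def tried_commands(log):
    """The list of tried commands, the view the experiment asks you to inspect."""
    return [entry.split(" CMD ", 1)[1] for entry in log if " CMD " in entry]
```

Everything the emulation does not implement answers 502, which is the "limited to the level of emulation" property of a low-interaction honeypot; a high-interaction honeypot would instead run a real FTP server on a sacrificial host and log at the system level.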
Web Vulnerabilities: Honeypots