Create an Army of Raspberry Pi Honeypots on a Budget

Posted on August 2, 2014 by mea

Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us.

By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor. Since there isn’t a good reason to interact with it (since it doesn’t do anything), activity on the Raspberry Pi is usually indicative of something roaming around our network and a possible security breach.

via Create an Army of Raspberry Pi Honeypots on a Budget | ThreatStream.

“Honey Encryption” Could Trick Criminals with Spoof Data

Posted on January 29, 2014 by mea

“Decoys and deception are really underexploited tools in fundamental computer security,” Juels says. Together with Thomas Ristenpart of the University of Wisconsin, he has developed a new encryption system with a devious streak. It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data.

via “Honey Encryption” Could Trick Criminals with Spoof Data | MIT Technology Review.

The Mathematics of Gamification

Posted on January 5, 2014 by mea

At Foursquare, we have a simple, first-principles based method of resolving proposed venue attribute updates. We can gauge each Superuser’s voting accuracy based on their performance on honeypots (proposed updates with known answers which are deliberately inserted into the updates queue). Measuring performance and using these probabilities correctly is the key to how we assign points to a Superuser’s vote.

The Math

Let’s make this more concrete with some math.

via The Mathematics of Gamification | Foursquare Engineering Blog.

5 Reasons Every Company Should Have A Honeypot

Posted on October 2, 2013 by mea

While honeypots have been used widely by researchers to study the methods of attackers, they can be very useful to defenders as well. Here are five advantages that the digital sandboxes can bring to companies.

via 5 Reasons Every Company Should Have A Honeypot — Dark Reading.

Honeypots fill the gap, because attackers have a much more difficult time predicting their use and countering the defenses, Strand says. Because production honeypots are machines that no legitimate user should be accessing, they also have a low false positive rate.

The Pirate Bay Helps to Expose Copyright Troll Honeypot

Posted on June 7, 2013 by mea

The Pirate Bay logs not only link Prenda to the sharing of their own files on BitTorrent, but also tie them directly to the Sharkmp4 user and the uploads of the actual torrent files.

The IP-address 75.72.88.156 was previously used by someone with access to John Steele’s GoDaddy account and was also used by Sharkmp4 to upload various torrents. Several of the other IP-addresses in the log resolve to the Mullvad VPN and are associated with Prenda-related comments on the previously mentioned anti-copyright troll blogs.

via The Pirate Bay Helps to Expose Copyright Troll Honeypot | TorrentFreak.

Time To Set Up That Honeypot

Posted on April 28, 2013 by mea

Still not sure where to start? Take a look at the Active Defense Harbinger Distribution (ADHD) project, which is part of the Samurai family of Linux-based LiveCD distributions. ADHD provides a bootable ISO that contains the two previously mentioned tools and many others that are specifically focused on providing early warning detection of attacker activity. Some of those are more geared toward alerting, because, technically, no computers should be communicating with the honeypot so all traffic has the potential to be considered malicious.

via Tech Insight: Time To Set Up That Honeypot — Dark Reading.

Honeypot Stings Attackers With Counterattacks

Posted on March 26, 2013 by mea

The PHP portion included a field for “members” to enter their “secret code” to enter the “private zone,” he explains. “So it’s a good idea to try a SQL injection attack” there, he says of the lure.

“My script had [a] few checks for some patterns, and when a SQL injection attempt was detected, the script [threw the] Java applet, ‘GUI for member zona. Welcome,'” he says. The Java applet then installed a backdoor on the attacker’s Windows machine, he says.

via Honeypot Stings Attackers With Counterattacks – Dark Reading.

In his research paper (PDF) on the experiment, Sintsov explains it this way: “Obviously, reverse penetration has a number of moral, ethical and legal issues

The Honeynet Project

Posted on October 19, 2012 by mea

The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!

via Blogs | The Honeynet Project.

Bucktown Bell

Cut to the chase.

Tag Archives: honeypot