18 May 2006
Honeypots Sweeten the Bitter Taste of Cyberattacks

At the NoAH project workshop, held yesterday at the TERENA Networking Conference 2006 in Catania, Sicily, a pilot honeypot infrastructure was unveiled. In the last few years there has been an increase in the number of cyberattacks on the Internet, which is crippling IT infrastructure. The NoAH project works towards building an infrastructure that automatically detects and warns of viruses, worms, trojans and other denial-of-service attacks.

Delegates heard about the Argos emulator, which enables testing for security breaches without compromising the host system. This software is now available to download at: https://gforge.cs.vu.nl/projects/argos.

Manuel Costa, from Microsoft Research, presented Vigilante, an end-to-end approach to containing worms automatically that addresses the limitations of network-centric systems. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other.

Google's Niels Provos presented the honeyd virtual honeypot design. This is a scalable, lightweight framework for virtual honeypots which requires low interaction, supports multiple virtual hosts simultaneously and creates virtual routing topologies.

Evangelos Markatos, NoAH Project Leader, said: "The trust that we used to place on our network is slowly eroding away. NoAH helps us to understand the nature and causes of cyberattacks and therefore develop counter measures."

Delegates also heard about some practical experiences with the deployment of honeypots, which are becoming an important part of aiding traditional incident response work. This included specific types of system compromise, such as polymorphic attacks, remote botnets (networks of compromised machines that are remotely controlled) and application vulnerabilities.

Finally, Ilias Chantzos (Symantec) gave an update on the current policy and regulatory aspects of the use of honeypots.

All the presentations are available to view on the TNC 2006 programme at: http://www.terena.nl/events/tnc2006/programme/sessions/show.php?sess_id=147.

For more information about the NoAH project, visit the website at: http://www.fp6-noah.org/.