Identifying hacking and abuse threats towards a home dsl internet connection with high interaction honeypot implementation / Emran Mohd Tamil

The number of home DSL subscribers has been increasing and this trend is expected to continue in years to come. At the same time the number of hacking and abuse cases targeted at host that is connected to the internet also has been rising. There is a need to identify whether host that is connected t...

Full description

Saved in:
Bibliographic Details
Main Author: Mohd Tamil, Emran
Format: Thesis
Language:English
Published: 2004
Online Access:https://ir.uitm.edu.my/id/eprint/64437/1/64437.PDF
https://ir.uitm.edu.my/id/eprint/64437/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The number of home DSL subscribers has been increasing and this trend is expected to continue in years to come. At the same time the number of hacking and abuse cases targeted at host that is connected to the internet also has been rising. There is a need to identify whether host that is connected to the internet via DSL internet connection are also vulnerable to hacking and abuse threat from the internet. The threat would be identify with the implementation of high interaction honeypot. A honeynet architecture consist of normal OS as the high interaction honeypot is connected to the internet via DSL connection and monitored by a monitoring station that used Snort IDS. It is found out that computer that connected to the internet via DSL connection also exposed to hacking and abuse threat. The research recorded a total of 19120 attack alert generated by snort. One of the honeypot deployed has been abused as an IRC bot server. The attack experienced including scanning activity, attempted admin, worms and even marketing advertisement.