Network Camouflage -- Network Security

Honeypot Technology

Honeypot Technology (13)

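System Emulation with QEMU

Author: Dr.H 2008-10-29 13:06 Views: 5626
QEMU is an open-source emulator for complete PC systems. Besides emulating the processor, QEMU also emulates all the necessary subsystems, such as networking hardware and video hardware. It also supports more advanced emulation concepts, such as symmetric multiprocessing systems (up to 255 CPUs) and other processor architectures (such as ARM and PowerPC). This article examines QEMU and its architecture and shows how to emulate a guest operating system on a Linux® host.

Last modified: 2011-05-07 17:50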

HoneySpot: The Wireless Honeypot

Author: Dr.H 2008-04-15 10:52 Views: 3794

homepage

Monitoring the Attacker’s Activities in Wireless Networks
A design and architectural overview

We’ve been developing a paper to create awareness and help to guide the deployment of wireless honeypots, mainly centered on 802.11 (WiFi) technologies. The paper is focused on providing a design and architectural overview for the deployment of wireless honeypots, coined as HoneySpots.

We’re currently involved in deploying these technologies, capturing attacks and related information, and developing analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper. If you are interested in developing or/and deploying wireless honeynets, contact us at project at (removethis)honeynet.org.es. The Spanish Honeynet Project wants to promote this research area, including multiple wireless technologies, mainly 802.11 and Bluetooth today, with future additions such as WiMAX.

 

Last modified: 2008-04-16 23:04

Know Your Enemy: Web Application Threats

Author: Dr.H 2008-04-15 08:45 Views: 6070
Last modified: 2011-05-07 17:52

GHH: Google Hack Honeypot

Author: Dr.H 2008-04-15 08:40 Views: 2819

Link to Homepage

What is GHH?
Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

Last modified: 2011-05-07 17:52

Kojoney - A honeypot for the SSH Service

Author: Dr.H 2008-04-15 08:27 Views: 3393

Link To Homepage

Download

What is kojoney?

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Last modified: 2011-05-07 17:53

HIHAT: High Interaction Honeypot Analysis Toolkit

Author: Dr.H 2008-04-12 16:51 Views: 2694
The High Interaction Honeypot Analysis Toolkit (HIHAT) allows arbitrary PHP applications to be transformed into web-based high-interaction honeypots. Furthermore, a graphical user interface is provided which supports the process of monitoring the honeypot and analysing the acquired data.
Last modified: 2008-04-12 17:13

About Honey@Home project

Author: Dr.H 2008-04-07 21:03 Views: 3832
Honey At Home is the "@home" implementation of the NoAH project, aiming to facilitate the gathering of information on cyber-attacks. It is designed to be simple to manage and lightweight on system resource usage. Many broadband connections offer the end user an option that was not available up until now: allocating more than one IP address for one connection. Business connectivity packages available to small-to-medium enterprises usually make available blocks of four up to eight IP addresses. However, not all of them are used, creating an opportunity for NoAH to manage this space. An increased geographical coverage enables researchers in the NoAH project to better understand the spread of malware. Just like other "@home" approaches, which take advantage of processing power available on idle desktops, honey@home takes advantage of "idle" IP addresses.
Last modified: 2008-04-07 21:14

About NoAH Project

Author: Dr.H 2008-04-07 20:59 Views: 4751

Introduction

NoAH is a three-year project to gather and analyse information about the nature of Internet cyberattacks. It will also develop an infrastructure to detect and provide early warning of such attacks, so that appropriate countermeasures may be taken to combat them.

Last modified: 1999-11-30 08:00

Argos: an emulator for Capturing Zero-day attacks

Author: Dr.H 2008-04-07 20:39 Views: 4526

  Download Argos

  What is Argos? 

   Argos is a full and secure system emulator designed for use in honeypots. It is based on Qemu, an open source emulator that uses dynamic translation to achieve a fairly good emulation speed.

Last modified: 2008-04-08 16:17

Nepenthes: Building a Honeypot and Emulating Vulnerabilities

Author: Dr.H 2007-11-21 23:29 Views: 2887

 

gz libemu-0.1.0.tar1195629932 21/11/2007,15:25 549.31 Kb

gz nepenthes-0.2.0.tar1195629940 21/11/2007,15:25 891.87 Kb

1. What is Nepenthes?

    Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low Interaction Honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular. There are module interfaces to

  • resolve DNS asynchronously
  • emulate vulnerabilities
  • download files
  • submit the downloaded files
  • trigger events (sounds abstract and it is abstract but is still quite useful)
  • shellcode handler
Last modified: 2007-11-22 17:46
Page 1 / 2