Implementation of High Interaction Honeypot to Analyze the Network Traffic and Prevention of Attacks on Protocol/Port Basis
Abstract
Network security deals with two types of communities: black hats and white hats. The era of security has come when the white hats are not only interested in defending the networks but are also keen to make fools of the black hats. Looking at the other side of the mirror, the black hats have also evolved new methods of breaching security. The work in this paper is based on the implementation of low-interaction and high-interaction honeypots along with the deployment of a honeywall gateway. The honeywall gateway acts as a reverse firewall that allows all types of traffic (both good and bad) to enter the system to facilitate analysis and learning. The honeywall gateway is the heart of the work and is involved in capturing, controlling, and analyzing data. The captured data is further categorized on a protocol and port basis. The methodology used can be summarized in three steps:
• Monitoring the attack traffic
• Analyzing the attack type and method
• Responding to the attacker to capture in-depth information
The work is intended to analyze the attacker's activities once they are logged and captured by the honeywall and accessed through the walleye interface.
Similar resources
An Advanced Hybrid Honeypot for Providing Effective Resistance in Automatic Network Generation
Increasing usage of Internet and computer networks by individuals and organizations and also attackers’ usage of new methods and tools in an attempt to endanger network security, have led to the emergence of a wide range of threats to networks. A honeypot is one of the basic techniques employed for network security improvement. It is basically designed to be attacked so as to get the attackers’...
A Dynamic Approach for Honeypot Management
Honeypot is a security device the value of which lies mainly in discovering and inspecting, being attacked and being at risk. Most of the present Honeypots are configured and installed on the network statically. In some cases considerations have been made on dynamic configuration of Honeypots at the time of installation but still no study has been carried out on how to instantaneously change t...
Improving Tor security against timing and traffic analysis attacks with fair randomization
The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...
Honeypot architectures for IPv6 networks
The decrease of available IPv4 addresses and the requirement for new features demand that Internet service providers deploy IPv6 networks. It is not a question of if, but when new network attacks will appear, which target the comparatively new network protocol. Virtual honeypots provide an important tool for the observation of assaults in computer networks. In contrast to intrusion detection sys...