Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003."— Presentation transcript:

1 Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003

2 Research areas Prototyping a distributed honeynet using GenII “Honeywall” technologies SU grad students producing database for clean/compromised system images Developing a client/server in FIRE for loading these images onto systems over the network Developing host integrity checking functions in FIRE to simplify/semi-automate analysis Aim to isolate malware artifacts for reverse engineering Aim to study cross-sector activity and trends

3 Honeynet Research Alliance Pacific North West Honeynet Project Open to UW, SU, ISU, UI students/fac/staff Provides Lots of hands/eyes to install, monitor, test… Network diversity Honeypot diversity Increased chances of “interesting” activity

4 Honeynet Research Alliance Locations: UW, SU, ISU, UI networks Future: Extend to REN ISAC?

5 Honeynets Using new GenII “Honeywall CD-ROM” x86 compatible PC with three NICs >= 20GB hard drive >= 512MB RAM One or more honeypots per honeynet Initially independent, later will centralize logs

6 Honeywall

7 Data Control

8 Is it perfect? …No

9 Honeypots Preparation Entire drive written with zeros (no residue) Partitions as small as possible (minimize footprint in database and network transfer time) 2 - 3 partitions on each drive Operating System “live” partition Image copy of OS (not mounted) Swap partition (if OS requires one) MD5 hash both OS partitions before going “live” (to verify integrity) MD5 hash all blocks (to find changes faster) [Automate using database & client/server]

10 Database Index on useful attributes OS type (e.g., Windows, Linux) OS version (e.g., Win2k, RH7.2) Services enabled Partitions used Partition sizes MD5/SHA1 hashes of partitions MD5/SHA1 hashes of blocks on OS partition Status (e.g., Clean, Compromised) Etc…

11 Front end Runs on custom FIRE CD User interface to database Client/server to manage bits on disk Upload bits on disk to database Hash partitions/blocks, gather attributes, etc. Chose image, prep drive, load Chose image, compare with bits on disk (detect changes since install) Potential for hardware assist (or NG-TCB?)

12 Use in Forensic Course Lab Student boots lab system using custom FIRE CD Chooses which compromised system to analyze Bits loaded to disk, verified Student performs analysis, answers specific questions (which are compared with analysis in database) Repeat…

13 Resources “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” http://www.tracking-hackers.com/papers/gatech- honeynet.pdf http://www.tracking-hackers.com/papers/gatech- honeynet.pdf http://project.honeynet.org/ http://staff.washington.edu/dittrich/pnw-honeynet/reading/

Download ppt "Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003."

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.

INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.
Linux Installation LINUX INSTALLATION. Download LINUX Linux Installation To install Red Hat, you will need to download the ISO images (CD Images) of the.

Linux Installation LINUX INSTALLATION. Download LINUX Linux Installation To install Red Hat, you will need to download the ISO images (CD Images) of the.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.

Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.
Installing Windows 7 Lesson 2.

Installing Windows 7 Lesson 2.
Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.

Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.
Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.

Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.
Unit 6- Operating Systems.  Identify the purpose of an OS  Identify different operating systems  Describe computer user interaction with multiple operating.

Unit 6- Operating Systems.  Identify the purpose of an OS  Identify different operating systems  Describe computer user interaction with multiple operating.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.

11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.

Manuka project IEEE IA Workshop June 10, Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.

PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
MCITP: Microsoft Windows Vista Desktop Support - Enterprise Section 1: Prepare to Deploy.

MCITP: Microsoft Windows Vista Desktop Support - Enterprise Section 1: Prepare to Deploy.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Machine Emulation & Developer Workstation Environment – Microsoft’s VirtualPC Dan Dyer Metrolist, Inc.

Machine Emulation & Developer Workstation Environment – Microsoft’s VirtualPC Dan Dyer Metrolist, Inc.

Similar presentations

Ads by Google