Hackers make a beeline

LAS VEGAS - When the Naval Postgraduate School in Monterey, Calif., designed a so-called honeynet to trap hackers, it worked even better than expected.
Before researchers had finished setting up the network, it had been hacked and put to use to scan other systems on the Internet.
At the Black Hat Briefings here this month, Honeynet project members shared observations of hackers at work. They depicted an aggressive black-hat group continually searching for vulnerable computers.

"The fastest that one of our systems has been attacked has been within 15 minutes," said Lance Spitzner, a Honeynet founder and security architect for Sun Microsystems Inc.

The shortest average life span for a system under attack was 72 hours for a server running Red Hat Linux 6.2 from Red Hat Inc. of Durham, N.C. On average, hackers compromised three systems each month on an eight-IP-address network that did not advertise itself.

But that's OK. A team of 30 security professionals from Canada, Holland, Israel and the United States designed its 2-year-old honeynet to be compromised.

"Nothing is emulated," Spitzner said. Once inside a honeynet, a hacker can be monitored keystroke by keystroke.

The researchers have written a series of "Know Your Enemy" papers, and a book of the same name will be published next month.

The original honeynet, a collection of spare servers running a variety of operating systems over an Integrated Services Digital Network line in Spitzner's home, has been taken down.

The project has spawned cooperative honeynets at the Navy school and at the University of Pennsylvania. Now, project members are seeking funds for a more elaborate network to attract the most sophisticated attacks.

- William Jackson
