Slashdot Mirror


Using Honeypots to Fight Worms

scubacuda writes "Laurent Oudot, an active member of the French Honeynet Project (part of the Honeynet Alliance), has written a paper evaluating the usefulness of using honeypots in fighting Internet worms. (Imagine a well-constructed honeypot framework capturing a worm, redirecting worm traffic to fake services, and launching counter attacks to clean infected hosts!)"

3 of 229 comments

  1. idiocy by RMH101 · · Score: 5, Insightful
    So you have loads of honeypots out there waiting for worms to exploit them, then you redirect these to "fake services". Whoop-de-hoop.
    I don't think worm writers are going to care very much. If they're spammers, then some more of their spam will go in the bin - but it's not costing them, so who cares?

    On top of this you are definitely on crack if you think that "launching counter attacks to clean infected hosts!" is a) a good idea or b) legal.

  2. legal way to have internet connection shutoff by Dark+Fire · · Score: 5, Insightful

    Welchia proved that good intentions can be disastrous. Even well-intentioned actions could damage someone's livelihood or equipment and open up the vigilante to criminal/civil penalties. A better approach would be a quick legal remedy that would permit one party to obtain a court order ordering the ISP of another party to cut off their internet access until they complied with the remedy (fixing the issue). The ISP is given 10 business days to notify the customer of the court order. An ISP could then try and verify the claim and file a response themselves if they find the claim unsubstantiated, or they could pass on the claim to the customer who would then be responsible for replying. If the customer or ISP replied without properly addressing the claim or fixing the issue, they would be liable for criminal penalties and fines under the law. Wow, this whole idea ended up sounding kind of draconian, which is not at all what I was going for. Any thoughts?

  3. Nice try (with fixed link) by Tom · · Score: 5, Insightful

    It is a nice attempt at active worm defense.

    Unfortunately for him, I have just published a paper that shows that and how future worms will be much too fast for his - or anyone else's - manual defense methods.

    In short, I've demonstrated that by the time he's starting to analyze the worm, it has already infected 90%+ of the vulnerable machines.

    As soon as worm writers acquire some coding skills (most of the past worms were pathetic), all defenses that require manual actions will be too slow.

    Sorry.

    --
    Assorted stuff I do sometimes: Lemuria.org