Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Honeypots to Fight Worms

Posted by CmdrTaco on from the we-hates-them-tony dept.

scubacuda writes "Laurent Oudout, an active member of the French Honeynet Project (part of the Honeynet Alliance), has written a paper evaluating the usefulness of using honeypots in fighting Internet worms. (Imagine a well-constructed honeypot framework capturing a worm, redirecting worm traffic to fake services, and launching counter attacks to clean infected hosts!)"

2 of 229 comments (clear)

  1. Illegal by axehind · · Score: 1, Redundant

    and launching counter attacks to clean infected hosts Sounds illegal.... Unauthorized access to someone elses computer comes to mind. axehind

  2. Nice try by Tom · · Score: 1, Redundant

    It is a nice attempt at active worm defense.

    Unfortunately for him, I have just published a paper that shows that and how future worms will be much too fast for his - or anyone elses - manual defense methods.

    In short, I've demonstrated that by the time he's starting to analyze the worm, it has already infected 90%+ of the vulnerable machines.

    As soon as worm writers acquire some coding skills (most of the past worms were pathetic), all defenses that require manual actions will be too slow.

    Sorry.

    --
    Assorted stuff I do sometimes: Lemuria.org