Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Honeynet Project IDs Attackers

Posted by Zonk on from the they-can-see-youuuu dept.

narramissic writes "The Web Honeynet Project, an independent group of Honeynet researchers from Securiteam and the ITOSF, is putting a new twist on Web application honeynets by naming not only the attack details, but the IP addresses and other tracking information about the attackers as well. As security consultant Brent Huston notes, 'This approach is not unheard of, as lists of known high-volume attackers have been circulating through the Net for several years, but this is the first time someone has applied the honeynet concept to making attacker IP data publicly known.'"

3 of 70 comments (clear)

  1. Re:Lawsuits? by deft · · Score: 4, Informative

    I believe defamation is when you say somebody did something they -didn't- do. otherwise you're just stating a fact. (I could be wrong though.)

    For instance, I could say your post was legally incorrect; and if I'm right, then that is a fact, not defamation. If I said you're a big doo doo head for doing that.... defamation!

    (making it the first declaration of defecation description defamation ever).

    --

    There's nothing Intelligent about Intelligent Design.
  2. Yes ... and no. by khasim · · Score: 2, Informative

    Publishing these IP addresses is complete rubbish. It'll point to some machine on the net along a chain of connections.
    If the crackers know what they're doing, the logs on the proxy are going straight to /dev/nul so they don't ever leave a trace on the hard drive.

    BUT there is a chance that the local law enforcement can put a sniffer on that connection at the ISP level and track the connection that way.

    The major problems with that is ...
    #1. Coordinating law enforcement efforts in various countries

    #2. Educating the enforcement agencies in those countries

    #3. Finally busting the cracker ... and charging him with what? The laws vary depending upon his country.

    Even if all of that was accomplished, there would be another zombie master along in a few days to take over the vulnerable machines that are left behind.
  3. Slight copy of another existing project by mrkitty · · Score: 2, Informative

    http://www.webappsec.org/projects/

    This project is already gathering data and will be publishing the results shortly.

    --
    Believe me, if I started murdering people, there would be none of you left.