Slashdot Mirror


Web Honeynet Project IDs Attackers

narramissic writes "The Web Honeynet Project, an independent group of Honeynet researchers from Securiteam and the ITOSF, is putting a new twist on Web application honeynets by naming not only the attack details, but the IP addresses and other tracking information about the attackers as well. As security consultant Brent Huston notes, 'This approach is not unheard of, as lists of known high-volume attackers have been circulating through the Net for several years, but this is the first time someone has applied the honeynet concept to making attacker IP data publicly known.'"

8 of 70 comments

  1. Lawsuits? by beakerMeep · Score: 3, Insightful

    I wonder if it's just a matter of time before someone sues them for defamation. But still a good thing they are doing. The more pressure on spammers the better.

    --
    meep
    1. Re:Lawsuits? by discord5 · Score: 3, Insightful

      But still a good thing they are doing

      *cough* PROXY *cough*

      Seriously, anyone doing something nasty on the net is using a proxy, either one from the lists, Tor, or another hacked machine. Publishing these IP addresses is complete rubbish. It'll point to some machine on the net along a chain of connections.

    2. Re:Lawsuits? by FLEB · Score: 2, Insightful

      The number of proxies that intentionally allow attacks can be filtered. The proxies and zombies that don't can remedy the problem... or be filtered.

      --
      Information wants to be free.
      Entertainment wants to be paid.
      You just want to be cheap.
  2. Re:If this can happen... by chaosite · Score: 2, Insightful

    Well, it's not "realtime". When do you remove a patched zombie machine? After a month? 2 weeks? This solution doesn't take into account the hordes of otherwise legitimate zombie machines. It won't stop attackers, IMO.
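
Added example, not part of any comment in this thread and not code from the Web Honeynet Project: a small consumer-side policy for a published attacker-IP feed that addresses the two objections raised above, namely that hits age out (so a cleaned zombie is not blocked forever) and that hits arriving via a known proxy or Tor exit are flagged for review instead of blocked automatically. The feed format, the feed lines, the proxy list, and the 14-day window are all constructed assumptions for this example.

```python
"""Consume a constructed attacker-IP feed with an age window and a proxy exclusion.

Assumptions (not from the page): feed lines are "ip,last_seen_iso,attack_type",
entries older than MAX_AGE are dropped, and addresses on KNOWN_PROXIES are
routed to a human review set rather than the automatic block set.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

# Constructed sample feed (RFC 5737 documentation addresses, invented timestamps).
SAMPLE_FEED = """\
# ip,last_seen,attack
198.51.100.23,2025-03-01T10:15:00Z,sqli
203.0.113.9,2025-01-02T08:00:00Z,rfi
192.0.2.77,2025-03-02T23:59:00Z,scanner
203.0.113.200,2025-02-28T12:00:00Z,sqli
"""

# Constructed list of addresses assumed to be open proxies / Tor exits.
KNOWN_PROXIES = {"203.0.113.200"}

# Hypothetical aging window; the thread asks "a month? 2 weeks?" and this picks two weeks.
MAX_AGE = timedelta(days=14)


@dataclass(frozen=True)
class FeedEntry:
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    last_seen: datetime
    attack: str


def parse_feed(text: str) -> list[FeedEntry]:
    """Parse the CSV-style feed; blank lines and '#' comments are skipped."""
    entries: list[FeedEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip_s, ts, attack = line.split(",", 2)
        # fromisoformat() on older interpreters does not accept a trailing 'Z'.
        seen = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        entries.append(FeedEntry(ipaddress.ip_address(ip_s), seen, attack))
    return entries


def build_blocklist(entries: list[FeedEntry], now: datetime,
                    max_age: timedelta = MAX_AGE,
                    known_proxies: set[str] = KNOWN_PROXIES):
    """Return (block, review) sets of IP objects.

    block  : fresh hits from sources not known to be proxies -> safe to block.
    review : fresh hits that came through a known proxy/Tor exit -> a human
             decides, because the address says nothing about who was behind it.
    Stale entries (older than max_age) are dropped so a cleaned-up zombie
    falls off the list without anyone having to ask to be re-legitimised.
    """
    block, review = set(), set()
    for e in entries:
        age = now - e.last_seen
        if age > max_age or age < timedelta(0):
            continue  # stale, or a timestamp from the future (clock skew)
        if str(e.ip) in known_proxies:
            review.add(e.ip)
        else:
            block.add(e.ip)
    return block, review


def decision(ip_s: str, block: set, review: set) -> str:
    """Map an address to 'block', 'review' or 'allow' under the built lists."""
    ip = ipaddress.ip_address(ip_s)
    if ip in block:
        return "block"
    if ip in review:
        return "review"
    return "allow"


def run_sample(now_iso: str = "2025-03-03T00:00:00+00:00") -> dict[str, str]:
    """Evaluate every address in the sample feed as of `now_iso`."""
    entries = parse_feed(SAMPLE_FEED)
    block, review = build_blocklist(entries, datetime.fromisoformat(now_iso))
    return {str(e.ip): decision(str(e.ip), block, review) for e in entries}


if __name__ == "__main__":
    for ip, verdict in run_sample().items():
        print(f"{ip:16} {verdict}")
```

With the constructed data and a reference time of 3 March 2025, the two hits from the last few days are blocked, the January hit has aged out and is allowed, and the hit that came through the listed proxy lands in the review set. Widening `MAX_AGE` trades faster recovery for cleaned machines against longer coverage of persistent sources; the window is the policy knob the thread is arguing about.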

  3. Re:If this can happen... by 140Mandak262Jamuna · Score: 2, Insightful

    OK, someone had such poor security that his/her machine gets rooted. Why should it be anyone else's responsibility to mark it legitimate as soon as it has been fixed? Why should it be easy to re-legitimize machines/IP addresses that get compromised? Let them jump through the hoops. Let them suffer a little. Maybe it will serve as a lesson for others to take security seriously.

    Only when the consequences of allowing one's machines to be zombified are serious and high will people take security seriously.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  4. Re:If this can happen... by faloi · Score: 2, Insightful

    Only when the consequences of allowing one's machines to be zombified are serious and high will people take security seriously.

    "I never could get that darn cable modem to work right after a while. So I swapped to DSL and it's fine again!"

    I think you're overestimating the people this is likely to catch. Most companies are likely to have reasonable security. Most knowledgeable home users are going to have reasonable security. It's the guy that has no idea what they're doing that's going to get in trouble. And I'm betting they're just as likely to swap service providers as they are to think something's wrong with their box. Unless you want to pay more for broadband so they can have the manpower necessary to keep up with blocked machines and make the end users aware...

    --
    "It is a miracle that curiosity survives formal education." -Albert Einstein
  5. Re:This may just exacerbate the botnet issue. by Short+Circuit · Score: 2, Insightful

    I run a free PC clinic, and I've seen people wait up to a year before getting their computer fixed. Usually, though, it's more like three or four months, and that's only if the computer is unusably slow.

    While handing out fliers on Wednesday, I encountered people who were certain their computers had viruses, but hadn't planned to do anything about it.

    The follow-up you're describing sounds like the ???? stage in the standard three-step business plan.

  6. Re:If this can happen... by Anonymous Coward · Score: 1, Insightful

    So "legitimate" is defined as "paying for the reverse DNS record", not as "Someone intended to set up a mail server to use"?