Virtual honeypots: Tracking botnets

29 Oct 2007 | Addison-Wesley Publishing

In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz, learn how to use virtual honeypots to track botnets and other malware in your clients' systems. The book will help you understand what botnets are and how they are detected. Learn to defend your clients' computers using these botnet trackers.
In this chapter we discuss how honeypots can be used in the real world to learn about threats. We will start by showing you what can be learned about threats such as malware and botnets -- networks of compromised machines that can be remotely controlled by an attacker. Botnets can cause much harm in today's Internet. For example, they are often used to mount Distributed Denial of Service (DDoS) attacks or to send out spam or phishing mails. Moreover, botnets can be used for mass identity theft or other abuses of the compromised machines.
Honeypots allow us to learn more about this threat. We can use the tools introduced in the previous chapters combined with some other tools to study botnets in detail. In this chapter, we introduce the underlying methodology and present our results based on real-world data. We first describe what bots and botnets are and then introduce a methodology to track botnets. Based on the collected data, we give an overview of common attack techniques seen in the wild. We conclude this chapter with a brief overview of several ways for botnet mitigation.

Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Home: Virtual honeypots: Tracking botnets
1: Bot and botnet 101
2: Tracking botnets
3: Case studies
4: Defending against bots
5: Summary
About the book:
Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system, making them easier and cheaper to build, deploy, and maintain.
In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. Purchase Virtual Honeypots: From Botnet Tracking to Intrusion Detection from Addison-Wesley Publishing.
About the authors:
Niels Provos is a senior staff engineer at Google. He developed Honeyd, an open source virtual honeypot that won the Tops in Innovation award from Network World, and is one of the cocreators of OpenSSH. Provos holds a degree in mathematics from the University of Hamburg and a Ph.D. in computer science and engineering from the University of Michigan.
Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. He regularly blogs at http://honeyblog.org.