Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

FW: [ISN] New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit

  • From: Howell, Paul
  • Date: Wed Nov 04 09:00:20 2009


-----Original Message-----
From: isn-bounces@infosecnews.org [mailto:isn-bounces@infosecnews.org]
On Behalf Of InfoSec News
Sent: Wednesday, November 04, 2009 1:11 AM
To: isn@infosecnews.org
Subject: [ISN] New Honeypot Mimics The Web Vulnerabilities Attackers
Want To Exploit

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=221300001

By Kelly Jackson Higgins
DarkReading
Oct 29, 2009 

A next-generation Web server honeypot project is under way that poses as
Web servers with thousands of vulnerabilities in order to gather
firsthand data from real attacks targeting Websites.

Unlike other Web honeypots, the new open-source Glastopf tool 
dynamically emulates vulnerabilities attackers are looking for, so it's 
more realistic and can gather more detailed attack information, 
according to its developers. "Many attackers are checking the 
vulnerability of the application before they inject malicious code. My 
project is the first Web application honeypot with a working 
vulnerability emulator able to respond properly to attacker requests," 
says Lukas Rist, who created Glastopf.

Rist, a student, built Glastopf through the Google Summer of Code (Gsoc)
2009 program, where student developers write code for open-source
projects. His Web honeypot was one of the Honeynet Project's Gsoc
projects.

Unlike other Web honeypots that use templates posing as real Web apps,
Glastopf basically adapts to the attack and can automatically detect and
allow an unknown attack. Glastopf uses a combination of known signatures
of vulnerabilities and also records the keywords an attacker uses when
visiting the honeypot to ensure it gets indexed in search engines, which
attackers often use to find new targets. The project uses a central
database to gather the Web attack data from the Glastopf honeypot
sensors installed by participants who want to share their data with the
database.

[...]


