Project description
Platforms uptime status
This graph shows how many platforms were up and running during the last 30 days.
Summary
We have developed and deployed the very same low-interaction honeypot setup for more than three years in a large number of different places. The project has triggered interest from many organizations (academic, industrial and governmental). Platforms are now located all over the world, covering around 30 countries on the 5 continents. We capture all traffic to and from these platforms, store it in a sophisticated SQL database, and enrich it with contextual information, such as the geographical location of the attackers, OS fingerprinting, reverse lookups of domain names, etc. Thanks to a novel technique, we cluster together all traces that are likely due to the very same attack tool. We offer all our partners access to the whole database and provide an easy-to-use graphical interface to query it in a rather intuitive way. This enables our partners to see how differently they are attacked compared with the others. Is it more or less often, by the same people, using the same techniques, etc.?
The agreement between us and each partner is very simple. To become a partner, an institution simply needs to agree to host one of our platforms. In return, they get access to the whole dataset accumulated throughout the last 3 years. They also need to sign a Non-Disclosure Agreement in which they commit to reveal neither the names of the partners nor the names of the attackers.
Requirements:
Technically speaking, the installation of one of our platforms is rather straightforward and does not require expensive resources. A simple Pentium II, 500 MHz, with a 1 GB hard disk and 128 Mbytes of memory is enough, by far. Four public IP addresses are also required to launch the platform. The Eurecom Institute takes care of the installation by providing the platform image and all configuration files. On a daily basis, we collect the data from the platform over a secure channel with bidirectional authentication. We also verify the integrity of the file system every day.
To participate:
Very easy: send us an email!
