An Incident and Abuse Analysis of a Compromised Redhat 6.2 Honeypot
Emran Mohd Tamil, and Abdul Hamid Othman, (2007) An Incident and Abuse Analysis of a Compromised Redhat 6.2 Honeypot. Journal for the Advancement of Science & Art, 3 . pp. 29-36.
Official URL: http://www.ucsi.edu.my/jasa/
University of Malaya, Faculty of Computer Science & Information Technology
Universiti Teknologi Mara, Faculty of Information Technology & Quantitative Sciences
Honeypot in computer security is an emerging technology. Any networked computer would attract hackers that intentionally would like to gain unauthorized access to it. A honeypot system is meant to be hacked in order to learn from it, or merely as a deception mechanism. Within this research, we deployed several sets of honeynet architecture consisting of several Operating Sytems as the high interaction honeypot which is connected to the internet via TMNet Streamyx Home DSL connection and monitored by a monitoring station that used Snort IDS. Among all the high interaction honeypots deployed, the redhat 6.2 honeypot is among the most interesting honeypots because it is one of the honeypots that has been successfully penetrated by a hacker who then abused it to launch other attacks against other hosts. The honeypot also has been used as a bot server for several IRC channels. This paper discusses the detail of the hacker’s activity within the deployed honeypot.
Repository Staff Only: item control page