Cover V11, I08

The articles in this issue describe various tools and techniques for detecting whether your system has been cracked, and if so, what to do. A common thread throughout these articles is that much can be learned from analyzing the features of these attacks.

One of the articles in particular ("Administering a Distributed Intrusion Detection System" by Johannes B. Ullrich and Wayne Larmon) describes the efforts of Dshield.org (http://www.dshield.org), an organization that assembles and analyzes detection log data from networks all over the world. Dshield.org then studies this data for unusual activity in an attempt to identify sites that may be participating in Internet attacks.

Another security organization, the Honeynet Project, is taking a different approach to analyzing attacks. After one of its own Honeynet systems was compromised, the Honeynet Project issued a public challenge to examine the binary that had been installed. According to the Web site, the goal of this "Reverse Challenge", which was issued in May, is "to allow incident handlers around the world to all look at the same binary -- a unique tool captured in the wild -- and to see who can dig the most out of the tool and communicate what they've found in a concise manner." The mission for participants is to identify the purpose of the tool, describe how it works, and to show their methods of analysis. The results of the challenge were not available at press time, but can be found at http://project.honeynet.org/.

Honeynets in general are systems set up specifically in the hope that "blackhats" will attempt to crack them, so that security experts can observe the crackers' methods. According to the Honeynet Project's Web site, the goals of this volunteer-based organization are to raise awareness of the threats and vulnerabilities that exist on the Internet today, to provide information to better secure and defend resources, and to teach and provide the technology and methods of information gathering. Some of the methods and technology learned through the Project's efforts can be found in the book Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community by The Honeynet Project (Addison-Wesley, 2001). Lance Spitzner, one of the book's co-authors and a Honeynet Project founder, has another book coming out, Honeypots: Tracking Hackers, which will be available in September from Addison-Wesley. Good luck keeping those "blackhats" at bay.

Sincerely yours,

Amber Ankerholz
Editor in Chief