[ISN] Irish Honeynet slammed by attacks

From: InfoSec News (isnat_private)
Date: Fri Mar 14 2003 - 23:22:53 PST

  • Next message: InfoSec News: "[ISN] Network Guardians Face Thorny Job"

    by Andrew McLindon
    March 13 2003
    The Irish Honeynet enticed nearly 600 attacks in January, while the
    rampant Slammer worm even caused it to be brought down for a day
    during the month.
    The decoy computer network, which was established to study cyber
    attackers, recorded 597 attacks during January. Although this was
    slightly down on figures for November (634) and October (613) of last
    year, it is a substantial increase from the early days of the project
    in mid-2002 when it was attracting around 400 attacks a month.
    According to Colm Murphy, technical director with Espion, one of the
    companies involved in the Honeynet, this overall increase is probably
    due to the length of the time that the Irish Honeynet has been on the
    "If it is difficult to know what exactly has caused this jump, but it
    is safe to say that the longer an IP address is on-line, the more it
    will be attacked," Murphy told ElectricNews.Net.
    Designed to imitate common Internet infrastructures, Honeynets are
    "wired" with detection sensors to capture all network activity. A
    Honeynet is not advertised, so any traffic to it is suspicious by
    nature. The idea behind it is to learn more about how hackers and
    would-be attackers operate so that computer systems can be better
    January also saw a demonstration of how potentially destructive the
    recently released Slammer worm could be. The virus, which exploited a
    six-month old vulnerability in Microsoft SQL Server 2000, wreaked
    havoc for a couple of days in the last week of January.
    During that time, it spread rapidly across the world, affecting
    Internet performance from China to the US. Another of its victims was
    the Irish Honeynet, which had to shut down for a day as the bug
    swamped its network with massive amounts of data. However, Slammer
    activity on the Irish Honeynet only accounted for around 10 of the
    total attacks in January.
    Murphy said the impact of Slammer illustrated the need for
    organisations to ensure their systems cannot be crippled by such
    The latest figures from the Irish Honeynet project also showed that
    the US continues to be the origin of the majority of the attacks
    against it.
    "The US has consistently been the largest single source of attack,
    accounting for a huge proportion of the traffic seen on a daily basis
    in the Honeynet," said Gerry Fitzpatrick, enterprise risk services
    partner at Deloitte & Touche, which is the other Irish Honeynet
    partner. "In November 2002, for instance, 46 percent of the total
    attacks on the Irish Internet came from source addresses in America."
    However, as Murphy explained, this does not necessarily mean that
    these attacks are coming from people based in America.  
    "Cyber-attackers would route their attacks through systems based in a
    number of countries. These figures simply show that there are large
    amount of vulnerable systems in the US, which hackers are using to
    launch the last leg of their attacks," commented Murphy.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Sat Mar 15 2003 - 01:14:30 PST