[ISN] New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit

From: InfoSec News <alerts_at_private>
Date: Wed, 4 Nov 2009 00:11:06 -0600 (CST)
http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=221300001

By Kelly Jackson Higgins
DarkReading
Oct 29, 2009 

A next-generation Web server honeypot project is under way that poses as 
Web servers with thousands of vulnerabilities in order to gather 
firsthand data from real attacks targeting Websites.

Unlike other Web honeypots, the new open-source Glastopf tool 
dynamically emulates vulnerabilities attackers are looking for, so it's 
more realistic and can gather more detailed attack information, 
according to its developers. "Many attackers are checking the 
vulnerability of the application before they inject malicious code. My 
project is the first Web application honeypot with a working 
vulnerability emulator able to respond properly to attacker requests," 
says Lukas Rist, who created Glastopf.

Rist, a student, built Glastopf through the Google Summer of Code (Gsoc) 
2009 program, where student developers write code for open-source projects. 
His Web honeypot was one of the Honeynet Project's Gsoc projects.

Unlike other Web honeypots that use templates posing as real Web apps, 
Glastopf basically adapts to the attack and can automatically detect and 
allow an unknown attack. Glastopf uses a combination of known signatures 
of vulnerabilities and also records the keywords an attacker uses when 
visiting the honeypot to ensure it gets indexed in search engines, which 
attackers often use to find new targets. The project uses a central 
database to gather the Web attack data from the Glastopf honeypot 
sensors installed by participants who want to share their data with the 
database.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Nov 03 2009 - 22:11:06 PST

This archive was generated by hypermail 2.2.0 : Tue Nov 03 2009 - 22:23:04 PST