honeynet.org
prehistoric


Joined: 23 Oct 2007
Posts: 1736

Posted: Wed 14 Dec 2016, 15:34    Post subject: honeynet.org
Subject description: open source fight against malicious Internet attacks
 

This is a request for feedback from people with relevant experience. I just became aware of honeynet.org when I did a search while explaining some problems of Internet security and spam email to a naive user.

This sounds like something I wanted to do back around 2010. It is also dealing with a shift in tactics I've been following. While there are still plenty of poorly-configured servers out there, I am seeing more client-side exploits. These can take place either while targets are browsing the web, or while they are reading HTML email, and assuming they aren't really at risk because they are using a service they consider secure. ("See, it even says HTTPS.")

A couple of tools discussed include Thug and Rumal.

This also suggests a use for the legions of old computers we collect which aren't up to running the latest bloatware. Configure these as honeypots and plug them in when you leave the keyboard to get some sleep.

I've been wasting way too much time dealing with the consequences of malware and spam. I feel it's well past time to start shooting back. :P
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13110
Location: Arizona USA

Posted: Wed 14 Dec 2016, 19:18

Could you include a synopsis of what they do, how they work?
prehistoric


Joined: 23 Oct 2007
Posts: 1736

Posted: Wed 14 Dec 2016, 20:28

@Flash

If you are asking about the organization, that is what I'm asking others to tell me. All I can say is what their stated aims are. I'm just starting to read material about them, so my understanding is not reliable.

If you're asking about the two tools I linked: Thug behaves like a browser, as seen from the Internet, and collects information about what happens when it visits a site. This material is quite complicated, so Rumal displays the data as a web page to help people analyze that data.

The two together yield information about suspect web sites, given only the URL to start with.

This would have saved a great deal of time when BarryK and others were being hit with attacks defacing their sites with pornography; underneath there were redirects to university sites with poisoned SEO caches that sent people to sites selling V*i*a*g*r*a, while the real purpose was to redirect people into drive-by downloads of malware. We had to follow quite a long trail to get to the source.

These are just two open-source tools that happened to catch my eye.

I'm very discouraged about the ability of major companies selling programs said to control a problem which provides them a steady revenue stream. M$ sells an OS with serious deficiencies which invite attacks; Symantec sells security software to sort of patch the problem; when security fails, victims suffer from ID theft for which Lifelock sells solutions. M$ owns Symantec which now owns Lifelock. Don't expect the problem to go away as a result of anything this commercial combination does.

I've been surprised at how long it took for DDoS attacks to bring down major businesses, as in the Dyn attack. I know damn well that companies and governments will sit on information they have, leaving the public at risk. The answer seems to me to be a distributed response, making major attacks a losing proposition. You don't have to have perfect security, you just need to cost exploiters money.

If the only effect of running traps is to get yourself blacklisted by spammers, that is still worth something.

An example which I was explaining to a naive user will help to motivate this. I've attached a file of text from a spam email. There is no executable code. The text was actually not visible to the recipient because of cascading style sheets. Because I don't run HTML email it was easy for me to find this text.

Does anyone think it takes advanced AI to tell that a message containing this is spam? What else would you expect to find at URLs included in the message?
Attachment: clickbait.txt.gz (7.27 KB, downloaded 67 times)
Description: keywords "salting" email message to get past spam filters
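
The last post describes spam text that cascading style sheets hide from the recipient; the sketch below separates the words a reader sees from the words CSS hides and reports the hidden share. It is an added example, not part of the thread or its attachment: the sample message, the class name `x9` and all function names are constructed, and only inline styles and simple class rules in a `<style>` block are checked.

```python
import re
from html.parser import HTMLParser

# CSS declarations that keep text out of what the recipient sees.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

class HiddenTextFinder(HTMLParser):
    """Split an HTML body into words the reader sees and words CSS hides."""
    def __init__(self, hidden_classes):
        super().__init__()
        self.hidden_classes = hidden_classes
        self.stack, self.visible, self.hidden = [], [], []  # stack: (tag, hides) per open element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = set((a.get("class") or "").split())
        hides = bool(HIDING.search(a.get("style") or "")) or bool(classes & self.hidden_classes)
        if tag not in VOID:
            self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.stack and self.stack[-1][0] in ("style", "script", "title"):
            return  # stylesheet, script or title text is not message text
        bucket = self.hidden if any(h for _, h in self.stack) else self.visible
        bucket.extend(data.split())

def analyze(html):
    """Return (visible words, hidden words, hidden share of all words)."""
    css = " ".join(re.findall(r"<style[^>]*>(.*?)</style>", html, re.S | re.I))
    classes = {n for n, body in re.findall(r"\.([\w-]+)\s*\{([^}]*)\}", css) if HIDING.search(body)}
    finder = HiddenTextFinder(classes)
    finder.feed(html)
    finder.close()
    total = len(finder.visible) + len(finder.hidden)
    return finder.visible, finder.hidden, round(len(finder.hidden) / total, 2) if total else 0.0

# Constructed sample, not the attachment from the post.
SAMPLE = """<html><head><style>.x9 { display: none }</style></head><body>
<p>Your parcel is waiting. <a href="http://example.invalid/track">Track it</a></p>
<div class="x9">weather recipe quarterly meeting <b>garden</b> invoice holiday</div>
<span style="font-size:0px">mortgage football</span></body></html>"""
```

Calling `analyze(SAMPLE)` returns the two word lists and the hidden share, which a filter can use as one feature alongside the URLs in the message.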