Title: HoneyNet: A platform for studying Hacker Behaviors and Computer Forensics
Date: 30th August 2003
Time: 14:00 - 17:00
Venue: T.Y. Wong Hall 5/F, Ho Sin-Hang Engineering Building, CUHK, Shatin (floor plan) (http://www.cuhk.edu.hk/en/cumap.htm, Building H25)
Speaker: Alan S. H. Lam
Abstract:
A Honeypot is an Internet-attached server designed to
detect and monitor the activities of computer intruders.
A HoneyNet is a network of these honeypots with a
high-interaction design. CUHK launched the HoneyNet
project in June 2002. This seminar reviews some findings
from this HoneyNet project, which include hacking techniques,
intruders' activities after break-ins, and some general
intruder behaviors. Some intruders' activities will be described
and illustrated with live demonstrations through scene
reconstruction. Forensic techniques used to examine the data
obtained from the HoneyNet and the technical details of the
HoneyNet implementation will also be discussed.
Seminar Outline:
Presentation Slides ([PPT|PDF])
Some hacking patterns from captured packets
Hackers' keystrokes
Some intruders' startup scripts
Hacker conversation from IRC data capture
MSBLAST.D (W32/Nachi) worm analysis
MS-SQL worm (also called Sapphire, SQL Slammer, SQL Hell) analysis
A hacker tried to set up a shoutcast server in the honeypot