Identifying Hacking and Abuse Threats towards a Home DSL Internet Connection with High Interaction Honeypot Implementation


The number of home DSL subscribers has been increasing, and this trend is expected to continue in the years to come. At the same time, the number of hacking and abuse cases targeting hosts connected to the internet has also been rising. There is a need to identify whether hosts connected to the internet via a DSL connection are also vulnerable to hacking and abuse threats from the internet. The threats are identified through the implementation of high interaction honeypots. A honeynet architecture consisting of normal OSes as the high interaction honeypots is connected to the internet via a DSL connection and monitored by a monitoring station that uses Snort IDS. It was found that a computer connected to the internet via a DSL connection was also exposed to hacking and abuse threats. The research recorded a total of 19120 attack alerts generated by Snort. One of the honeypots deployed was abused as an IRC bot server. The attacks experienced included port scanning activity, attempted admin, Welchia worms and even marketing advertisements.

Keywords: High Interaction Honeypot, Honeynet, Tmnet Streamyx, Hacking, Abuse, DSL
Stream: Human Technologies and Usability
Presentation Type: Virtual Presentation in English
Paper: Identifying Hacking and Abuse Threats towards a Home DSL Internet Connection with High Interaction Honeypot Implementation

Emran Mohd Tamil

Lecturer, Department of Computer System and Technology, University of Malaya
Lembah Pantai, Kuala Lumpur, Malaysia

Emran Mohd Tamil is a lecturer at the Department of System and Computer Technology, Faculty of Computer Science and Information Technology, University of Malaya. He obtained his Master of Science in Information Technology from the Universiti Teknologi Mara in 2004. His current research areas include network security, system-on-chip, SCADA, wireless sensor network and digital signal processing for medical application.

Abdul Hamid Othman

Lecturer, Faculty of Science Quantitative & Information Technology, Universiti Teknologi Mara
Shah Alam, Selangor, Malaysia

Madihah Mohd Saudi

Lecturer, Faculty Science and Technology, Islamic Science University of Malaysia (USIM), Malaysia.
Nilai, Negeri Sembilan, Malaysia

Madihah Mohd Saudi is a lecturer at the Faculty Science and Technology of Islamic Science University of Malaysia (USIM), Malaysia.

Prior to that, Madihah Mohd Saudi was the virus analyst for NISER and was responsible for conducting in-house testing for virus analysis, reviewing standard operating procedures for virus analysis, developing acceptable user policies, damage control and laboratory specifications. She was also accountable for responding to virus cases as MyCERT (Malaysia Computer Emergency Response Team) 2nd level support and as a NISER honeynet member. She was also the co-instructor for Incident Handling Training organized by NISER.

Madihah earned her Bachelor’s Degree in Computer Science from Universiti Kebangsaan Malaysia (UKM) and her Master’s Degree in Software Engineering from Universiti Malaya (UM). Her mission for USIM and for herself is to be one of the best security academicians in the world.

Ref: T08P0449