Identifying Hacking and Abuse Threats towards a Home DSL Internet Connection with High Interaction Honeypot Implementation
The number of home DSL subscribers has been increasing, and this trend is expected to continue in the years to come. At the same time, the number of hacking and abuse cases targeting hosts connected to the internet has also been rising. There is a need to identify whether hosts connected to the internet via a DSL connection are also vulnerable to hacking and abuse threats from the internet. The threats are identified through the implementation of high interaction honeypots. A honeynet architecture consisting of normal OSes as the high interaction honeypots is connected to the internet via a DSL connection and monitored by a monitoring station that uses the Snort IDS. It is found that a computer connected to the internet via a DSL connection is also exposed to hacking and abuse threats. The research recorded a total of 19120 attack alerts generated by Snort. One of the honeypots deployed was abused as an IRC bot server. The attacks experienced included port scanning activity, attempted admin, Welchia worms and even marketing advertisements.
Keywords: High Interaction Honeypot, Honeynet, Tmnet Streamyx, Hacking, Abuse, DSL
Emran Mohd Tamil
Lecturer, Department of Computer System and Technology, University of Malaya
Abdul Hamid Othman
Lecturer, Faculty of Science Quantitative & Information Technology, Universiti Teknologi Mara
Madihah Mohd Saudi
Lecturer, Faculty Science and Technology, Islamic Science University of Malaysia (USIM), Malaysia.
Prior to that, Madihah Mohd Saudi was the virus analyst for NISER and was responsible for conducting in-house testing for virus analysis, reviewing standard operating procedures for virus analysis, developing acceptable user policies, damage control and laboratory specifications. She was also accountable for responding to virus cases as 2nd level support for MyCERT (Malaysia Computer Emergency Response Team) and as a NISER honeynet member. She was also the co-instructor for Incident Handling Training organized by NISER.
Madihah earned her Bachelor’s Degree in Computer Science from Universiti Kebangsaan Malaysia (UKM) and her Master’s Degree in Software Engineering from Universiti Malaya (UM). Her mission for USIM and for herself is to be one of the best security academicians in the world.