NoSEBrEaK - Defeating Honeynets

Presented at DEF CON 12 (2004), July 30, 2004, 8 p.m. (50 minutes)

Honeynets are one of the more recent toys in the white-hat arsenal. They are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. Sometimes it is even suggested that deploying honeynets is a way to increase security. We scrutinize this assumption and demonstrate a method by which a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place. We show how to detect honeynets, circumvent logging on a honeynet and finally 0wn a honeynet hard, disabling all of a honeypot's security features, and present the tools to do so.


Presenters:

  • Thorsten Holz - Laboratory for Dependable Distributed Systems (RWTH Aachen University)
    Thorsten Holz is a research student at the Laboratory for Dependable Distributed Systems at RWTH Aachen University, where he is trying to bring a solid scientific foundation to Honeynet research.
  • Dipl.-Jur. Maximillian Dornseif - Laboratory for Dependable Distributed Systems (RWTH Aachen University)
    Maximillian Dornseif and Christian N. Klein have studied computer science at the University of Bonn, Germany; Dornseif also holds a degree in law. Both have been involved in computer security and the German computer underground, namely the Chaos Computer Club, for a long time and have been doing security consulting together since the late nineties. Their clients include industry, such as Deutsche Telekom and T-Mobile, as well as government.
  • Christian Klein - University of Bonn
