Detecting Botnets Using a Low Interaction Honeypot
Source: Infosec Writers - Posted by Eric Lubow   
Intrusion Detection This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.

Read this full article at Infosec Writers

Only registered users can write comments.
Please login or register.

Powered by AkoComment!