Honeypots and Routers: Collecting Internet Attacks

As the number of Internet-based consumer transactions continues to rise, the need to protect these transactions against hacking becomes more and more critical. An effective approach to securing information on the Internet is to analyze the signature of attacks in order to build a defensive strategy. This book explains how to accomplish this using honeypots and routers. It discusses honeypot concepts and architecture as well as the skills needed to deploy the best honeypot and router solutions for any network environment.

Honeypots and Routers: Collecting Internet Attacks begins by providing a strong grounding in the three main areas involved in Internet security:

• Computer networks: technologies, routing protocols, and Internet architecture
• Information and network security: concepts, challenges, and mechanisms
• System vulnerability levels: network, operating system, and applications

The book then details how to use honeypots to capture network attacks. A honeypot is a system designed to trap an adversary into attacking the information systems in an organization. The book describes a technique for collecting the characteristics of the Internet attacks in honeypots and analyzing them so that their signatures can be produced to prevent future attacks. It also discusses the role of routers in analyzing network traffic and deciding whether to filter or forward it.

The final section of the book presents implementation details for a real network designed to collect attacks of zero-day polymorphic worms. It discusses the design of a double-honeynet system architecture, the required software tools, and the configuration process using VMware. With the concepts and skills you learn in this book, you will have the expertise to deploy a honeypot solution in your network that can track attackers and provide valuable information about their source, tools, and tactics.

About the Author

Mohssen Mohammed received his B.Sc. (Honors) degree in Computer Science from Computer Man College for Computer Studies (Future University), Khartoum, Sudan, in 2003. In 2006, he received his M.Sc. degree in Computer Science from the Faculty of Mathematical Sciences, University of Khartoum, Sudan. In 2012, he received his PhD in Electrical Engineering from Cape Town University, South Africa. He has published several papers at top international conferences such as GLOBECOM and MILCOM. He has served as a Technical Program Committee member in numerous international conferences, such as ICSEA 2010 and ICNS 2011. He received the University of Cape Town prize for International Scholarship for Academic Merit (2007, 2008, and 2009). From 2005 to 2012, he worked as a permanent academic staff member at the University of Juba, South of Sudan. He is now working as Assistant Professor in the College of Computer Science & Information Technology, Bahri University, Khartoum, Sudan. His research interest includes network security, especially intrusion detection and prevention systems, honeypots, firewalls, and malware detection methods.

Habib-ur Rehman completed his doctoral studies in 2009 at the Technische Universitaet Carolo Wilhelmina zu Braunschweig, Germany. Earlier, he obtained his MS degree in 2004 from the Lahore University of Management Sciences, Lahore, Pakistan. He worked as an Assistant Professor at the National Textile University, Faisalabad, Pakistan, and National University of Computer and Emerging Sciences, Islamabad, Pakistan. Since early 2012, he has been teaching at the Al-Imam Muhammad Ibn Saud Islamic University, Riyadh, KSA. His primary research interests are the design and development of network protocols, schemes, and models for mobile and ad hoc networks. He has focused on the issues of routing, MAC, streaming, security, and information sharing in his research. He has also supervised undergrad students in the development of useful Android applications.