
List:       glastopf
Subject:    [Glastopf] GlastopfNG finally released!
From:       glaslos () gmail ! com (glaslos)
Date:       2010-10-14 22:12:59
Message-ID: AANLkTinJtqXfaDFU=EYcSsOpsVFqtqx7RyXXXiHO_XCF () mail ! gmail ! com

Dear mailing list,

Before we get worse than Duke Nukem Forever, we decided to finally
release the next generation of the web application honeypot Glastopf!

Today we find web applications in every environment independent of company
size and even in home networks. Over web attack vectors like SQL Injections
and Remote File Inclusions, criminals can take over web servers which then
become part of a botnet or even a command and control server. Web servers
are especially interesting for such tasks as they normally have bigger
bandwidth than client computers and mostly an uptime of nearly 24 hours,
seven days a week. This makes a hacked web server a dangerous weapon in the
hands of a criminal.

*Introduction*
GlastopfNG is a honeypot specialized on simulating a vulnerable web
server/application to become a target of automated and even manual attacks.
Instead of trying to block these attacks GlastopfNG tries to get as much
information as possible about the attacker and the used attack itself. This
gathered information can then be used in different ways to protect real
applications in the future against such attacks. Today it's for example
already used by hosting providers to inform owners of servers, which are
attacking other servers on the Internet, that it's very likely, that their
server has been hacked. This is a great additional service for their
customers and can be done in a mainly automated way.

*Project*
If you don't know what attacks to expect, it's nearly impossible to block
any of them. This is why it is so important to gather information about the
latest attacks on the Internet. There was already a honeypot called Glastopf
but unfortunately, it had some shortcomings and this is why this bachelor
thesis was dedicated to a complete rewrite of the Glastopf honeypot
including the way it internally works, its module concept, its
configuration approach and all used data structures.

*Result*
GlastopfNG does not have any of the shortcomings of the original Glastopf
anymore, which makes it the most advanced web attack honeypot. The
sophisticated architecture of GlastopfNG makes it really easy for developers
and even interested non-developers to extend it with modules. Overall,
GlastopfNG is now one of the most flexible honeypots available. In the tests
during the thesis, it was already possible to analyze thousands of attacks
and gather information about them like the attack source and their payloads.

*Links*
The project page:
http://dev.glastopf.org/projects/show/glastopfng
Get Sven's thesis on GlastopfNG:
http://dev.glastopf.org/wiki/glastopfng/Thesis
Get GlastopfNG:
http://dev.glastopf.org/wiki/glastopfng/Binary


Cheers,
Glastopf dev team