Specification of a Model of Honeypot Attack Based On Raised Data

Network security remains a priority for almost all companies. Existing security systems have shown their limits; thus a new type of security system was born: honeypots. Honeypots are defined as programs or dedicated servers intended to attract attackers in order to study their behaviour. It is in this context that the leurre.com project, which gathers about twenty platforms, was born. This article aims to specify a model of honeypot attacks. Our model describes, on a given platform, the evolution of attacks according to the hour at which they occur. We then show the most attacked services by studying the attacks on the various ports. It should be noted that this article was prepared within the framework of the research projects on honeypots at LABTIC (Laboratory of Information Technologies and Communication).




