Deception using an SSH honeypot
McCaughey, Ryan J.
Rowe, Neil C.
Shaffer, Alan B.
MetadataShow full item record
The number of devices vulnerable to unauthorized cyber access has been increasing at an alarming rate. A honeypot can deceive attackers trying to gain unauthorized access to a system; studying their interactions with vulnerable networks helps better understand their tactics. We connected an SSH honeypot responding to secure-shell commands to the Naval Postgraduate School network, bypassing the firewall. During four phases of testing, we altered the login credential database and observed the effects on attackers using the honeypot. We used different deception techniques during each phase to encourage more interaction with the honeypot. Results showed that different attackers performed different activities on the honeypot. These activities differed in total login attempts, file downloads, and commands used to interact with the honeypot. Attackers also performed TCP/IP requests from our honeypot to direct traffic to other locations. The results from this experiment confirm that testing newer and updated tools, such as honeypots, can be extremely beneficial to the security community by helping to prevent attackers from quickly identifying a network environment.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Lim, Sze Li Harry (Monterey, California. Naval Postgraduate School, 2006-12);A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker ...
Yahyaoui, Aymen (Monterey, California: Naval Postgraduate School, 2014-09);Deception can be a useful defensive technique against cyber attacks. It has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers ...
Duong, Binh T. (Monterey, California. Naval Postgraduate School, 2006-03);Honeypots are computer systems deliberately designed to be attack targets, mainly to learn about cyber-attacks and attacker behavior. When implemented as part of a security posture, honeypots also protect real networks by ...