Worm and Botnet Trapper System Using Honeypots

1
Worm and Botnet Trapper System Using Honeypots

• Yan Gao Usman Jafarey

2
Purpose?

• To build a honeynet to trap botnet and worm
  behavior in darknet addresses.
• Collect data for worm and botnet detection.

3
Tools

• VMWare
• Create virtual machines to use as honeypots
• Currently using VMWare server beta version with
  two virtual machines of Windows XP and two of
  Linux Red Hat
• Each honeypot has an internal IP to communicate
  with the dispatcher
• Click
• Firewall Dynamic NAT
• Dynamic mapping table to maintain traffic balance
  between honeypots
• Chose Click for this purpose after Honeywall was
  determined to not suit our purposes

4

• Progress since midterm
• Configured Click to rewrite IP packets entering
  beetle
• Problems
• Sending packets from beetle back out into the
  Internet
• Seems as though packets are being blocked by
  firewall

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11

• One thing is for certain There is an enormous
  amount of traffic entering the darknet

12

• Future work
• Finding out exactly what the problem is with
  traffic leaving beetle and fix it
• Install software to analyze traffic and activity
  on honeynet
• Collect data