Evaluate the Merits of Using Honeypots to Defend against Distributed Denial-of-Service Attacks on Web Servers
By Cheow Lip Goh
Content
• Motivations
• DDoS attacks
• Honeypots & Honeynets
• Evaluation
• Conclusion
Motivations
• “Paying an extortionist a few thousand dollars to leave your network alone might make bottom-line business sense if the alternative is enduring a distributed denial-of-service attack that could cost your company millions in lost revenue and public relations damage.” 'Net Buzz, by Paul McNamara, Network World, 05/23/05
Successful Defense against DDoS?
• Normal Packet Survival Rate (NPSR): the percentage of normal packets that make their way to the victim in the midst of a DDoS attack.
• Unfortunately, none of the currently proposed solutions for defending against a fully distributed DDoS attack solves the issue completely.
Honeypots & Honeynets
• “A honeypot is a resource whose value is in being attacked or compromised. This means that a honeypot is expected to get probed, attacked and potentially exploited. Honeypots do not fix anything. They provide us with additional, valuable information.” Lance Spitzner
• A honeynet is a group of honeypots configured to be exactly like the production servers in the organizations deploying them.
Purpose of the Honeynet in a DDoS Attack
• Lure DDoS attackers into compromising the honeypots in the honeynet, and learn the tools, tactics and motives of the attacker. This knowledge is then used to strengthen the networks and servers running in the organization.
• Serve as a decoy during a real DDoS attack, deceiving the attacker into believing that the DDoS attack is going very well.
Evaluation: Issues with Using the Honeynet to Defend against DDoS
• A honeynet is very complicated and costly to set up, and 24x7 monitoring is required.
• A compromised honeynet could lead to legal issues.
• The DDoS detection and filtering mechanism might not work properly.
• The traffic forwarder is a big bottleneck.
Conclusion
• The cost of deploying and maintaining a honeynet to defend against a DDoS attack is very significant. Extra prudence should be exercised to evaluate the benefits of such a complex system, as a mistake could lead to costly lawsuits or compromise of machines within the intranet.