Network Security Hacks

by Andrew Lockhart
April 2004
Content level: Intermediate to advanced
320 pages
9h 10m
English
O'Reilly Media, Inc.

Record Honeypot Activity

Keep track of everything that happens on your honeypot.

Once an attacker has fallen prey to your honeypot and gained access to it, it is critical that you monitor all activity on that machine. By monitoring every tiny bit of activity on your honeypot, you can not only learn the intentions of your uninvited guest, but can often learn about new techniques for compromising a system as the intruder tries to gain further access. Besides, if you’re not interested in what attackers are trying to do, why run a honeypot at all?

One of the most effective methods for tracking every packet and keystroke is to use a kernel-based monitoring tool. This way nearly everything that the attacker does on your honeypot can be monitored, even if the attackers use encryption to protect their data or network connection. One powerful package for monitoring a honeypot at the kernel level is Sebek (http://www.honeynet.org/tools/sebek/).

Sebek is a loadable kernel module for Linux and Solaris that intercepts key system calls in the kernel and monitors them for interesting information. It then transmits the data to a listening server and hides the presence of the transmissions from the local system. Sebek is made up of two kernel modules. The first, sebek.o, does the monitoring. The other, cleaner.o, protects sebek.o from being discovered.

To build the kernel modules on Linux, first make sure that /usr/src/linux-2.4 points to the source code of the ...

Publisher Resources

ISBN: 0596006438