dc.contributor.author: Vetterl, Alexander
dc.contributor.author: Clayton, Richard
dc.date.accessioned: 2018-09-20T12:07:19Z
dc.date.available: 2018-09-20T12:07:19Z
dc.date.issued: 2018-08-13
dc.identifier.uri: https://www.repository.cam.ac.uk/handle/1810/280555
dc.description.abstract: The current generation of low- and medium interaction honeypots uses off-the-shelf libraries to provide the transport layer. We show that this architecture is fatally flawed because the protocols are implemented subtly differently from the systems being impersonated. We present a generic technique for systematically fingerprinting low- and medium interaction honeypots at Internet scale with just one packet and an ERR (Equal Error Rate) of 0.0183. We conduct Internet-wide scans and identify 7,605 honeypot instances across nine different honeypot implementations for the most important network protocols SSH, Telnet, and HTTP. For SSH honeypots we also determined their patch level and find that they are poorly maintained -- 27% of the honeypots have not been updated within the last 31 months and only 39% incorporate improvements from 7 months ago. We believe our findings to be a 'class break' in that trivial patches cannot address the issue.
dc.publisher: USENIX
dc.title: Bitter harvest: Systematically fingerprinting low- and medium-interaction honeypots at internet scale
dc.type: Conference Object
prism.publicationDate: 2018
prism.publicationName: 12th USENIX Workshop on Offensive Technologies, WOOT 2018, co-located with USENIX Security 2018
dc.identifier.doi: 10.17863/CAM.27923
dcterms.dateAccepted: 2018-06-27
rioxxterms.versionofrecord: 10.17863/CAM.27923
rioxxterms.licenseref.uri: http://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.licenseref.startdate: 2018-01-01
dc.contributor.orcid: Vetterl, Alexander [0000-0003-4761-8679]
dc.contributor.orcid: Clayton, Richard [0000-0002-1673-918X]
dc.publisher.url: https://www.usenix.org/conference/woot18/presentation/vetterl
rioxxterms.type: Conference Paper/Proceeding/Abstract
pubs.funder-project-id: Engineering and Physical Sciences Research Council (EP/M020320/1)
cam.issuedOnline: 2018-08-13
pubs.conference-name: 12th USENIX Workshop on Offensive Technologies (WOOT 18)
pubs.conference-start-date: 2018-08-13
pubs.conference-finish-date: 2018-08-14