Mohammed Sqalli*, Raed AlShaikh**, Ezzat
* Department of Computer Science and
King Fahd University of Petroleum and Minerals
Dhahran, Saudi Arabia
** ECC Network Operations Department
EXPEC Computer Center (ECC)
Dhahran 31311, Saudi Arabia
A Virtual Distributed Honeynet at KFUPM:
A Case Study
A honeynet is a network set up with intentional vulnerabilities to invite attack, so
that an attacker's activities and methods can be studied.
Build a high-interaction honeynet environment at KFUPM's two
The students' living dorms.
The Computer Engineering College campus
Most enthusiastic and computer-literate intruders are found in
the Computer Science and Engineering College.
Two commonly used implementations were tested:
The Honeywall CDROM
VMWare virtualization was used since it offers several advantages as opposed
to the use of physical machines:
VMs can be modified more easily than physical machines (software layer).
An administrator can start, stop or clone a VM very easily, which is especially
important in the case of security.
The aim of our experiment is to explore:
The type of attacks the campuses are exposed to. (DoS, port
The most common tools for these attacks. (rsh, ssh, parallel ping,
The most common source(s) and destination(s) for these attacks.
The feasibility of the design and tools used.
High-interaction honeypots were used:
Collect as much information as possible.
The Computer Engineering
In terms of severity, around 65% of the traffic was considered
medium risk, while the remaining 35% was considered low. The
high percentage of the medium-level category was due to the fact
that the system classifies BitTorrent file sharing, which makes up
around 70% of the total traffic, as medium risk. This percentage is
no surprise, since BitTorrent accounts for an astounding 40-55%
of all the traffic on the Internet, and it is expected to be high in the
students' living campuses.
IIS view script source code
MS Uni Plug and Play UDP
logs, and informs the system
administrator of any successful intrusion incident. The script sends emails
containing these matched logs.
Moreover, we detected an attack on a vulnerability in the Internet
Information Service (IIS) that was installed on the Windows-based
honeypots. This vulnerability has the signature KFAGC165421, and
indicates that IIS contains a flaw that allows an attacker to cause IIS
to return the source code for a script file instead of processing the
script. The attack traffic was generated by one of the
systems in the students' living campus.
Our experience shows that the Honeywall CDROM proved to be a solid tool that is capable of capturing a great deal of information and assisting in analyzing
traffic on the distributed honeypots. The honeynet designer, nevertheless, needs to consider a few issues related to scalability and resource utilization.
Our future work includes expanding our honeynet network to include other colleges and campuses in the university and have wider honeynet coverage.
This will also require increasing our logging disk space to allow for more logging time, longer logging intervals and thus broader analysis.