Title

TCP attack analysis on packets captured using symantec decoy server

Abstract/Description

This paper discusses results obtained from Symantec Decoy Server (previously known as Mantrap) with an introduction to honeypots. Lance Spitzner of the Honeynet Project introduced the concept of honeypots. A honeypot is in essence a decoy server, which has no real or strategic value and is only setup to attract crackers towards it. The idea is to trap the crackers and learn cracking techniques from them. Rapid increase in unauthorized intrusions over the Internet provides a great motivation to explore honeypots at a greater depth. We will provide analysis on TCP based denial of service attack carried out on Symantec Decoy Server based honeypot. These results highlight the importance of honeypot as a tool of learning and preventing future intrusions.

Location

Crystal Ball Room A, Hotel Pearl Continental, Karachi, Pakistan

Session Theme

Network Security [NS]

Session Type

Other

Session Chair

Dr. Tanveer-ul-Haq

Start Date

27-8-2005 6:00 PM

End Date

27-8-2005 6:20 PM

Share

COinS
 
Aug 27th, 6:00 PM Aug 27th, 6:20 PM

TCP attack analysis on packets captured using symantec decoy server

Crystal Ball Room A, Hotel Pearl Continental, Karachi, Pakistan

This paper discusses results obtained from Symantec Decoy Server (previously known as Mantrap) with an introduction to honeypots. Lance Spitzner of the Honeynet Project introduced the concept of honeypots. A honeypot is in essence a decoy server, which has no real or strategic value and is only setup to attract crackers towards it. The idea is to trap the crackers and learn cracking techniques from them. Rapid increase in unauthorized intrusions over the Internet provides a great motivation to explore honeypots at a greater depth. We will provide analysis on TCP based denial of service attack carried out on Symantec Decoy Server based honeypot. These results highlight the importance of honeypot as a tool of learning and preventing future intrusions.