Network security deals with two types of communities: black hats and white hats. Security has entered an era in which the white hats are not only interested in defending networks but are also keen to fool the black hats. On the other side of the mirror, the black hats have also evolved new methods of breaching security. The work in this paper is based on the implementation of low-interaction and high-interaction honeypots along with the deployment of a honeywall gateway. The honeywall gateway acts as a reverse firewall that allows all types of traffic (both good and bad) to enter the system to facilitate analysis and learning. The honeywall gateway is the heart of the work and is involved in capturing, controlling, and analyzing data. The captured data is further categorized by protocol and port. The methodology used can be summarized in three steps:

• Monitoring the attack traffic
• Analyzing the attack type and method
• Responding to the attacker to capture in-depth information

The work is intended to analyze the attacker's activities once they are logged and captured by the honeywall and accessed through the walleye interface.