Tuesday, 21 August 2007

Create a simple honeypot with Debian and Nepenthes

We all know how important it is to run a firewall; whether it be the default Windows firewall, third-party software, or a hardware firewall on your network gateway, you would be mad to connect to the Internet without at least one! The ‘survival time’ is the amount of time an unprotected machine will last before it’s infected with malware, and it’s shocking to see that this survival time is generally no more than 90 minutes! Almost all of these malware infections are the result of self-propagating worms and viruses spreading themselves around using known vulnerabilities.

I wanted to see for myself just how quickly a machine would be infected, how it would be infected, and how frequently it would be probed. Rather than putting a target machine openly on the Internet, I decided to use the Nepenthes malware collector. Nepenthes is a low-interaction honeypot, which emulates known vulnerabilities and captures worms as they attempt to infect it. While the way that Nepenthes operates means that it won’t detect attackers trying to exploit unknown vulnerabilities, it does allow us to detect new ways of exploiting known vulnerabilities.
