Papers

This section lists all the publications that the Chicago Honeynet Project is currently working on or has published.

Know Your Enemy: Web Application Threats

Authors: Jamie Riden, Ryan McGeehan, Brian Engert, Michael Mueter
February 23, 2007

With the constant growth of the Internet, more and more web applications are being deployed. Web applications offer services such as bulletin boards, mail services such as SquirrelMail, online shops, or database administration tools like phpMyAdmin. They significantly increase the exposed surface area by which a system can be exploited. By their nature, web applications are often widely accessible to the Internet as a whole, meaning a very large number of potential attackers. All these factors have made web applications a very attractive target for attackers and have led to the emergence of new attacks. This KYE paper focuses on application threats against common web applications. After reviewing the fundamentals of a typical attack, we go on to describe the trends we have observed and the research methods that we currently use to observe and monitor these threats. In Appendix A, we give actual examples of a bot (a variant of PERL/Shellbot), the Lupper worm and an attack against a web Content Management System (CMS) that show how web application threats actually act and propagate.

Integrating Google Hack and GenIII Honeypots

Authors: Thorsten Holz and Ryan McGeehan
January 18, 2006

This document describes some ideas on how to integrate two different techniques from the area of honeypot-based research. On the one hand, there are Google Hack Honeypots, and on the other, GenIII Honeypots. First, we will give a brief introduction to Google Hack Honeypots, since presumably not everyone is familiar with this concept. The concept of GenIII honeypots should be familiar.