E-Business
Issue No. 6 - July/September 2002
Honeypots and Sticky Fingers
by David Twiss
Imagine living in a street where every 90 minutes someone you didn’t know, wearing a balaclava, walked around your house trying to open each door and window. No one would choose to live in a neighbourhood like that of course, and yet that’s exactly the situation on the Internet.
Increasingly businesses are embracing the Internet and its services as a business tool. Companies are connecting their internal LANs to the Internet, and with permanent Internet connections starting at around $500 a year, connection cost is really no longer an issue.
What is an issue is the extent that a business can unwittingly expose itself to cyber-attack by failing to take adequate precautions. If someone running a construction company were seeking to store building supplies in between jobs, to simply leave them unsecured on a vacant lot somewhere would be asking for trouble. Many companies do just that in the cyber world.
A lot has been said about who does what to whom on the Internet, and I wondered just how much was hype as compared to reality. So a couple of months back I set-up an experiment. Taking an old PC, I loaded a free ’low-end’ honeypot, a type of intrusion detection software, and set the PC up beyond the firewall that protects our network. That is, set-up directly on the Internet. The software I loaded is like a little burglar alarm; it detects and records a variety of attack attempts.
Over the next 6 weeks that PC received 795 attacks, from 219 separate computers, located in 38 different countries. That’s about 19 attacks per day, or one every 75 minutes on average.
On the worst day, day 3, there were 100 attacks from 13 computers. One attack every 15 minutes on average.
It is worth remembering this was a PC set up on the internet to use an IP address not used for several years. There are no links to this IP address, and it does not ‘belong to’ any URL. This PC was found by people who are ...
