Honeynet.ie

Quoted from ENN

Irish Honeynet slammed by attacks

The Irish Honeynet enticed nearly 600 attacks in January, while the rampant Slammer worm even caused it to be brought down for a day during the month.
The decoy computer network, which was established to study cyber attackers, recorded 597 attacks during January. Although this was slightly down on figures for November (634) and October (613) of last year, it is a substantial increase from the early days of the project in mid-2002 when it was attracting around 400 attacks a month.


According to Colm Murphy, technical director with Espion, one of the companies involved in the Honeynet, this overall increase is probably due to the length of the time that the Irish Honeynet has been on the Internet.


"If it is difficult to know what exactly has caused this jump, but it is safe to say that the longer an IP address is on-line, the more it will be attacked," Murphy told ElectricNews.Net.


Designed to imitate common Internet infrastructures, Honeynets are "wired" with detection sensors to capture all network activity. A Honeynet is not advertised, so any traffic to it is suspicious by nature. The idea behind it is to learn more about how hackers and would-be attackers operate so that computer systems can be better protected.


January also saw a demonstration of how potentially destructive the recently released Slammer worm could be. The virus, which exploited a six-month old vulnerability in Microsoft SQL Server 2000, wreaked havoc for a couple of days in the last week of January.


During that time, it spread rapidly across the world, affecting Internet performance from China to the US. Another of its victims was the Irish Honeynet, which had to shut down for a day as the bug swamped its network with massive amounts of data. However, Slammer activity on the Irish Honeynet only accounted for around 10 of the total attacks in January.


Murphy said the impact of Slammer illustrated the need for organisations to ensure their systems cannot be crippled by such viruses.


The latest figures from the Irish Honeynet project also showed that the US continues to be the origin of the majority of the attacks against it.


"The US has consistently been the largest single source of attack, accounting for a huge proportion of the traffic seen on a daily basis in the Honeynet," said Gerry Fitzpatrick, enterprise risk services partner at Deloitte & Touche, which is the other Irish Honeynet partner. "In November 2002, for instance, 46 percent of the total attacks on the Irish Internet came from source addresses in America."


However, as Murphy explained, this does not necessarily mean that these attacks are coming from people based in America. "Cyber-attackers would route their attacks through systems based in a number of countries. These figures simply show that there are large amount of vulnerable systems in the US, which hackers are using to launch the last leg of their attacks," commented Murphy.