Cyber Security Expo
Detecting Botnets Using a Low Interaction Honeypot by Jamie Riden on 23/03/06

This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.