SlideShare a Scribd company logo

Honeypots and Security

APNIC, profile picture
APNIC

APNIC has set up a honeypot network using Modern Honeypot Network (MHN) and is looking for more volunteers to participate by running a virtual machine with a public IP address. Passive DNS databases can provide information about past domain name resolutions and relationships between domains and IP addresses that is difficult to obtain through standard DNS queries. Farsight runs a large passive DNS network and the FIRST Passive DNS Exchange SIG is working on a common output format standard. CyberGreen collects risk indicator data on issues like open DNS, NTP, SSDP, and SNMP. The Censys Projects publishes daily snapshots of configuration data on IPv4 hosts, top websites, and X.509 certificates. APNIC conducts biennial surveys to

Internet
1 of 16
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Honeypots and Security Data Gathering BoF
Honeynet • APNIC (adli@apnic.net) has set up a honeynet using Modern Honeypot Network (MHN) • Looking for more volunteers to join – All you need is a VM and a public IP address – The more the merrier! 2
Honeynet 3
Honeynet 4
Honeynet 5
Passive DNS • Malware and e-crime rely heavily on the DNS, and so- called "fast flux botnets" abuse the DNS with frequent updates and low TTLs. Passive DNS databases can answer questions that are difficult or impossible to answer with the standard DNS protocol, such as: – Where did this domain name point to in the past? – What domain names are hosted by a given nameserver? – What domain names point into a given IP network? – What subdomains exist below a certain domain name? 6
Passive DNS • Farsight (wwww.farsightsecurity.com) is running a large PDNS network, participants are allowed to view data • FIRST Passive DNS Exchange SIG working on a standard for Common Output Format – https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/ • What would you do with the data from 200,000 DNS resolutions per second? 7
CyberGreen • Collects data and provides metrics on risk indicators around DDoS potential – Open DNS – Open NTP – Open SSDP – Open SNMP 8
CyberGreen 9
CyberGreen 10
Censys • The Censys Projects publishes daily snapshots of what we know about each IPv4 host, Alexa Top Million website, and known X.509 certificate. • These datasets contain structured, non-ephemeral JSON records that identify a host's configuration. • https://scans.io/ • https://www.censys.io/ 11
Censys 12
Questionnaires • APNIC does a survey every 2 years to shape direction • What about faster surveys for smaller corners of APNIC? • Small optional surveys, anonymous if desired/possible 13
Questionnaires • Do we need to encourage you to participate? • Maybe offer chocolates or invites to the Whisky BoF for regular contributors? (BYO whiskey ;) ) 14
Next steps • Should we do more? • How to do more? • What else should we do? 15
16

More Related Content

PDF
PacNOG 29: Routing security is more than RPKI
APNIC
 
PDF
Rolling the Root Zone DNSSEC Key Signing Key
APNIC
 
PDF
ION Islamabad - Deploying DNSSEC
Deploy360 Programme (Internet Society)
 
PDF
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
APNIC
 
PDF
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
APNIC
 
PDF
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka
 
PDF
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
APNIC
 
PDF
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
Deploy360 Programme (Internet Society)
 
PacNOG 29: Routing security is more than RPKI
APNIC
 
Rolling the Root Zone DNSSEC Key Signing Key
APNIC
 
ION Islamabad - Deploying DNSSEC
Deploy360 Programme (Internet Society)
 
2nd ICANN APAC-TWNIC Engagement Forum: Why RPKI Matters
APNIC
 
DNSSEC Deployment for .VN and share information of DNSSEC's plan in 2017
APNIC
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka
 
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
APNIC
 
ION Islamabad - DANE/DNSSEC/TLS Testing in the go6lab
Deploy360 Programme (Internet Society)
 

What's hot (18)

PDF
CNIT 124: Ch 7: Capturing Traffic
Sam Bowne
 
PDF
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
Cisco DevNet
 
PPTX
Copia de presentación1
Sofia2110
 
PPTX
ION Hangzhou - How to Deploy DNSSEC
Deploy360 Programme (Internet Society)
 
PDF
2016 COSCUP SDN Introduction
Yi Tseng
 
PPTX
DoH, DoT and ESNI
Jisc
 
PDF
Encrypted DNS - DNS over TLS / DNS over HTTPS
Alex Mayrhofer
 
PPTX
ONOS intent introduction
Yi Tseng
 
PDF
Spotify: P2P music-on-demand streaming
Ricardo Vice Santos
 
PDF
23rd PITA AGM and Conference: DNS Security - A holistic view
APNIC
 
PDF
CNIT 121: 14 Investigating Applications
Sam Bowne
 
PPTX
Web identity part1
Islam Azeddine Mennouchi
 
PDF
Tutorial: IPv6-only transition with demo
APNIC
 
PDF
CNIT 152: 9 Network Evidence
Sam Bowne
 
PDF
2016 COSCUP ONOS
Yi Tseng
 
PDF
Silicon Valley Code Camp 2016 - MongoDB in production
Daniel Coupal
 
PPTX
WHOIS the Master
Jason Ross
 
PPTX
Nikto
penetration Tester
 
CNIT 124: Ch 7: Capturing Traffic
Sam Bowne
 
DEVNET-1007 Network Infrastructure as Code with Chef and Cisco
Cisco DevNet
 
Copia de presentación1
Sofia2110
 
ION Hangzhou - How to Deploy DNSSEC
Deploy360 Programme (Internet Society)
 
2016 COSCUP SDN Introduction
Yi Tseng
 
DoH, DoT and ESNI
Jisc
 
Encrypted DNS - DNS over TLS / DNS over HTTPS
Alex Mayrhofer
 
ONOS intent introduction
Yi Tseng
 
Spotify: P2P music-on-demand streaming
Ricardo Vice Santos
 
23rd PITA AGM and Conference: DNS Security - A holistic view
APNIC
 
CNIT 121: 14 Investigating Applications
Sam Bowne
 
Web identity part1
Islam Azeddine Mennouchi
 
Tutorial: IPv6-only transition with demo
APNIC
 
CNIT 152: 9 Network Evidence
Sam Bowne
 
2016 COSCUP ONOS
Yi Tseng
 
Silicon Valley Code Camp 2016 - MongoDB in production
Daniel Coupal
 
WHOIS the Master
Jason Ross
 
Nikto
penetration Tester
 
Ad

Similar to Honeypots and Security (20)

PDF
DNS in IR: Collection, Analysis and Response
pm123008
 
PPTX
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
 
PDF
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group
 
PPTX
Infoblox - turning DNS from security target to security tool
Jisc
 
PDF
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
Leszek Mi?
 
PDF
DNS как линия защиты/DNS as a Defense Vector
Positive Hack Days
 
PPTX
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 
PDF
Dns firewalls null-may2020
n|u - The Open Security Community
 
PDF
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
APNIC
 
PDF
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
PDF
OSINT for Attack and Defense
Andrew McNicol
 
PDF
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
PPTX
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Ruo Ando
 
PDF
OSMC 2016 - DNS Monitoring from Several Vantage Points by Stéphane Bortzmeyer
NETWAYS
 
PDF
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
 
PPTX
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Jason Trost
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
PDF
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
PPTX
The DNS of Things
Peter Silva
 
PDF
Measurement Study of Open Resolvers and DNS Server Version
Yuuki Takano
 
DNS in IR: Collection, Analysis and Response
pm123008
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
OpenDNS
 
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group
 
Infoblox - turning DNS from security target to security tool
Jisc
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
Leszek Mi?
 
DNS как линия защиты/DNS as a Defense Vector
Positive Hack Days
 
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 
Dns firewalls null-may2020
n|u - The Open Security Community
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
APNIC
 
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
OSINT for Attack and Defense
Andrew McNicol
 
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Ruo Ando
 
OSMC 2016 - DNS Monitoring from Several Vantage Points by Stéphane Bortzmeyer
NETWAYS
 
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
 
Distributed Sensor Data Contextualization for Threat Intelligence Analysis
Jason Trost
 
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
The DNS of Things
Peter Silva
 
Measurement Study of Open Resolvers and DNS Server Version
Yuuki Takano
 
Ad

More from APNIC (20)

PPTX
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
PDF
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
PDF
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
PDF
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
PDF
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
PDF
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
PDF
The Internet - By the numbers, presented at npNOG 11
APNIC
 
PDF
Transmission Control Protocol (TCP) and Starlink
APNIC
 
PDF
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
PDF
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
PDF
Make DDoS expensive for the threat actors
APNIC
 
PDF
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
PDF
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
PDF
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
PDF
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
PDF
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
The Internet - By the numbers, presented at npNOG 11
APNIC
 
Transmission Control Protocol (TCP) and Starlink
APNIC
 
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
Make DDoS expensive for the threat actors
APNIC
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 

Recently uploaded (20)

PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PPTX
Slides PPTX: World Game (s): Eco Economic Epochs.pptx
Steven McGee
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PPTX
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PDF
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PPTX
Internet Safety for Seniors presentation
mwnorman1
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PDF
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPTX
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PDF
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
Slides PPTX: World Game (s): Eco Economic Epochs.pptx
Steven McGee
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
Funds Management Learning Material for Beg
NKKumar16
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
Ethics in Information System - Management Information System
faizhossain3
 
Internet Safety for Seniors presentation
mwnorman1
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 

Honeypots and Security

  • 2. Honeynet • APNIC (adli@apnic.net) has set up a honeynet using Modern Honeypot Network (MHN) • Looking for more volunteers to join – All you need is a VM and a public IP address – The more the merrier! 2
  • 6. Passive DNS • Malware and e-crime rely heavily on the DNS, and so- called "fast flux botnets" abuse the DNS with frequent updates and low TTLs. Passive DNS databases can answer questions that are difficult or impossible to answer with the standard DNS protocol, such as: – Where did this domain name point to in the past? – What domain names are hosted by a given nameserver? – What domain names point into a given IP network? – What subdomains exist below a certain domain name? 6
  • 7. Passive DNS • Farsight (wwww.farsightsecurity.com) is running a large PDNS network, participants are allowed to view data • FIRST Passive DNS Exchange SIG working on a standard for Common Output Format – https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/ • What would you do with the data from 200,000 DNS resolutions per second? 7
  • 8. CyberGreen • Collects data and provides metrics on risk indicators around DDoS potential – Open DNS – Open NTP – Open SSDP – Open SNMP 8
  • 11. Censys • The Censys Projects publishes daily snapshots of what we know about each IPv4 host, Alexa Top Million website, and known X.509 certificate. • These datasets contain structured, non-ephemeral JSON records that identify a host's configuration. • https://scans.io/ • https://www.censys.io/ 11
  • 13. Questionnaires • APNIC does a survey every 2 years to shape direction • What about faster surveys for smaller corners of APNIC? • Small optional surveys, anonymous if desired/possible 13
  • 14. Questionnaires • Do we need to encourage you to participate? • Maybe offer chocolates or invites to the Whisky BoF for regular contributors? (BYO whiskey ;) ) 14
  • 15. Next steps • Should we do more? • How to do more? • What else should we do? 15
  • 16. 16