Honeypots/Honeynets in Cyber War

Sayyed Mehdi Poustchi Amin
Poustchi@Yahoo.com
CCNA-MCITP-MCTS-MCSE-MCSA-MCP
PhD Student - Computer Science
Dec 2010
Speaker
Mehdi Poustchi Amin poustchi@yahoo.com
     CCNA, MCTS, MCITP, MCSE, MCSA, MCP


  Network Administrator
  Azad University of Mashhad.
  Mashhad, Iran

  Specialized in network security, pen-testing and IT forensics.

  Founder of Iran's honeynet project www.Honeynet.ir

  Author of a dozen articles for various Persian IT magazines.
Agenda
Cyber War/Warfare
      Definition of Cyber Warfare
      Impact of a Cyber War
      Cyber Weapons Architecture
      Examples of Cyberwar Activity
      Moderating Effects on Cyberwar

Introduction to honeypots and honeynets
      What is a honeypot?
      Benefits /Downsides of deploying a honeypot
      How to classify a honeypot?
      Advantages/Disadvantages of honeypots
      What is a honeynet?
Free and commercial honeypot solutions
Installing your own honeypot (Case Study Report)
Introduction to forensics
Future of honeypot technologies
Summary
Introduction
Definition of Cyber Warfare

 “Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption”
                                        -Richard A. Clarke




The Economist describes cyber warfare as “the fifth domain of warfare”.
Relationship to Traditional Warfare

 Cyberwar could be an additional domain in traditional warfare
   Used as an initial stage to reduce command and control facilities, harm national infrastructure, spread propaganda, reduce confidence in government
 Could be a standalone approach to warfare
   Potential for significant harm to a foreign country in the information age
Technological Approaches for Cyber Attacks
   Three Major Approaches:
     Break in, steal information
       From computer systems or networks

     Directly affect functionality of computers or related equipment through use of worms, viruses, logic bombs and/or other malware

     Denial of Service (DoS)
       Flood of messages to computer systems that overwhelms them and renders them non-functional
Infrastructure Subject to Attack
Businesses
Military command and control system
Transportation systems
  Air
  Rail
Power grid
Manufacturing facilities
Communication systems
…
Impact of a Cyber War
Impact of a Cyber War (real story)
February 2008
  US government announced the results of Operation Infrastructure, which took place in Nov-Dec 2007.

     The Operation resulted in the seizure of more than 360,000
     counterfeit integrated circuits and computer network
     components bearing more than 40 different trademarks.


     The FBI has confiscated more than $75 million of counterfeit
     Cisco networking gear. The announcement is in a progress
     report on a two-year-old investigation, code named Operation
     Cisco Raider. In most cases the fake gear was made in China
     and imported into the United States where unethical resellers
     passed it off as legit.
Impact of a Cyber War
 INTELLIGENCE BRIEFING

The political fallout of a cyber attack will be high, but this will pale in comparison to the financial and economic impact!

The financial and economic impact could be as high as $30 billion a day!

[Chart: Physical Impact, Social Impact, Political Impact and Financial Impact, each rated on a scale from 0 (Low) to 5 (High)]
Impact of a Cyber War
[Chart: U.S. Retail eCommerce Sales in billions of dollars, 2006 to 2010, on a $0 to $250 billion scale]

That's $425 million a day.
Cyber Weapons Proliferation
The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens of millions of individuals.

The raw materials needed to construct cyber weapons are not restricted and are widely available.

We now have a weapon that can strike at the speed of light; it can be launched from anywhere in the world, and it can target anywhere in the world.
Cyber Weapons Proliferation
Modern Weapons Economics

  What does a stealth bomber cost?     $1.5 to $2 billion

  What does a stealth fighter cost?    $80 to $120 million

  What does a cruise missile cost?     $1 to $2 million

  What does a cyber weapon cost?       $300 to $50,000
Modern Weapons Economics
The price of a targeted mailing can range from $70 for a few thousand addresses to $1000 for tens of millions.

The average price of installing a malicious program on a thousand computers in China is $3 and in the US $120.

Small botnets of a few hundred bots cost $200 to $700.

The Shadow botnet, which was created by a 19-year-old hacker from Holland and included over 100,000 computers, was put on sale for $36,000.
Find the Weapons Facility
[Images: a nuclear weapons facility next to a cyber weapons facility]

                Where's the Cyber Weapons Facility?
Cyber Weapons Evolution
[Chart: threat level (Low to High) against the years 1994 to 2016. Phases: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; Basic Weapons evolving into Advanced Weapons]
Interesting Quote

“Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore.”
                              -NATO's cyber defense chief
Cyber Weapons Architecture
A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (which tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.
Cyber Weapons Design
There are numerous methods of delivering cyber weapons to their targets:

  Emails with malicious code embedded or attached.

  Web sites that can have malicious links and downloads.

  Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network.

  Counterfeit hardware, software and electronic components.
Cyber Weapons Design
System vulnerabilities are the primary navigation systems used in cyber weapons.
  Just as a navigation system guides a missile, it allows the malicious payload to reach a specific point inside a computer, system or network.
  Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon.
     These security exposures in operating systems or other software or applications allow for exploitation and compromise.
     Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.
Cyber Weapons Design
The payload of a missile is sometimes called a warhead and is packed with some type of explosive.
In a cyber weapon the payload could be:

  A program that copies information off of the computer and sends it to an external source.
  It can also be a program that begins to erase or alter information stored on the system.
  Finally, it can allow remote access so that the computer can be controlled or directed over the internet.
    A “bot” (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.
Examples of Cyberwar Activity
Titan Rain (2003)

Power Outages in US & Canada (2003)

Syria (2007) – Orchard Operation

Estonia (2007) – Web War I

Stuxnet Worm (2009-2010)
Titan Rain (2003)
Coordinated attacks on US military and
industrial computer systems

Access gained to computer systems and
networks including Lockheed Martin and
NASA

Purpose and identity of attackers remain unclear, though the origin appears to be the Chinese military
  Though it could be “through” the Chinese military
Power Outages in US & Canada (2003)
   China's People's Liberation Army played a role in the power outages.

   PLA in 2003 gained access to a network
   that controlled electric power systems
   serving the northeastern United States.

   An estimated 50 million people were
   affected.
Honeypots in Cyberwar
Syria (Sept. 2007)
Israeli aerial bombing of facility in
Syria, alleged nuclear facility being
constructed by North Koreans.

Syrian air defense networks saw no planes;
later found Russian-built radar system
screens manipulated to show nothing.

Exact cause not known, but options all point
to manipulation of software controlling radar
system.
Estonia (April 2007)
Sometimes referred to as “Web War 1”
Followed Estonia relocating the Bronze Soldier of Tallinn, a Russian monument.
Sophisticated and large set of denial of
service (DoS) attacks on Estonian
parliament, banks, ministries, newspapers,
other web sites.
Severe effect on above institutions for
approximately three weeks.
Stuxnet Worm
Very complex Windows-specific computer
worm that infects computers and connected
industrial control equipment (PLCs).
First known worm to attack industrial
infrastructure.
Spreads through USB thumb drives as well
as network connections.
Utilizes four “zero-day” exploits.
  Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability
  Windows Print Spooler Vulnerability
  Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability
  Microsoft Windows Server Service RPC Handling Remote Code Execution
Stuxnet Worm
Uses stolen valid security certificates.
  Private keys belong to Realtek Semiconductor Corps!!!

Initial high rate of infection in Iran, specifically found at nuclear facilities
May be government (Israel, US, UK?) attempt to damage Iranian nuclear facilities
Unclear if delay or damage actually occurred
Worm has spread to many other countries
Moderating Effects on Cyberwar
 Diversity of systems and networks.
   Many networks, multiple operating systems


 Increasing efforts on intrusion detection and
 prevention.


 Early detection may help reduce scope of
 effects, though malware can spread quickly.
Introduction
What Is a Honeypot?

 “A honeypot is an information system
 resource whose value lies in unauthorized
 or illicit use of that resource.”
                                        -Lance Spitzner



“A honeypot is a computer system that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. (This includes the hacker, cracker, and script kiddy.)”
The threat is real
Information security has been primarily defensive.

Black hats have the initiative; they attack whatever they want, whenever they want.

The public knows very little about the black hats (Who are they? How do they attack? Why?)

It is an arms race, and the bad guys are always ahead.
[Chart: Attack Sophistication vs. Intruder Technical Knowledge]
Source: CERT® Coordination Center
Benefits of deploying a honeypot
 Risk mitigation:
   A honeypot deployed in a production environment may lure an attacker away from the real production systems (“easy target”).

 IDS-like functionality:
   Since no legitimate traffic should take place to or from the honeypot, any traffic appearing is evil and can initiate further actions.

 Identification and attack strategies:
   Find out who is attacking you and why, and what strategies he or she is using.

 Evidence:
   Once the attacker is identified, all data captured may be used in a legal procedure.

 Research:
   Operating and monitoring a honeypot can reveal the most up-to-date techniques, exploits and tools used, as well as the spreading techniques of worms or viruses.
Downside of deploying a honeypot
 Limited view:
   Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems, unless the attacker or the threat interacts with the honeypot at the same time.

 Additional risk:
   Deploying a honeypot could create an additional risk and eventually put a whole organization's IT security at risk.
   Just as all security-related technologies, honeypots have risk. Depending on the type of honeypot deployed there is the risk of the system being taken over by a bad guy and being used to harm other systems. This could lead to serious legal consequences.
How to classify a honeypot?
       Honeypots are classified by the level of interaction they provide to the attacker:

 Low-Interaction honeypot
   Only parts of (vulnerable) applications or operating systems are emulated by software.
   No real interaction
   Examples: Specter, Honeyd, and KFSensor

 High-Interaction honeypot
   An attacker is provided with a full and working operating system enabling him/her to interact in the highest way possible.
   Examples: Symantec Decoy Server and Honeynets
Advantages of
Low-interaction Honeypot vs. High-interaction Honeypot
 Low-interaction Honeypot
   Good starting point
   Easy to install, configure, deploy and maintain
   Introduce a low or at least limited risk
   Logging and analyzing is simple
     Only transactional information is available, no information about the attacks themselves, e.g. time and date of an attack, protocol, source and destination IP as well as port

 High-interaction Honeypot
   You will face real-life data and attacks so the activities captured are most valuable.
   Learn as much as possible about the attacker, the attack itself and especially the methodology as well as tools used.
   Can help you to prevent future attacks and get a certain understanding of possible threats.
Disadvantages of
Low-interaction Honeypot vs. High-interaction Honeypot
 Low-interaction Honeypot
   Pretty boring :-)
   No real interaction for an attacker possible
   Very limited logging abilities
   Can only capture known attacks
   Easily detectable by a skilled attacker

 High-interaction Honeypot
   Building, configuring, deploying and maintaining a high-interaction honeypot is very time consuming.
     Different technologies (e.g. IDS, firewall etc.) have to be customized.
   Analyzing a compromised honeypot is extremely time consuming and difficult (40 hours for every 30 minutes an attacker spent on a system!) (e.g. identifying exploits, rootkits, system or configuration modifications etc.).
   It introduces a high level of risk.
     If there are no additional precautions in place, it might put an organization's overall IT security at stake.
What Is a Honeynet?
A honeynet is a network that contains one or more honeypots. A honeynet is an architecture.

 Since honeypots are not production systems, the honeynet itself has no production activity and no authorized services. As a result, any interaction with a honeynet implies malicious or unauthorized activity.

 This architecture creates a highly controlled network, one in which you can control and monitor all activity that happens within it. You then place your target systems, your honeypots, within that architecture.
General Honeypot Deployment
Free Honeypot Solutions
Honeyd (Virtual Honeypot Framework)
   VHF presents a framework for virtual honeypots that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. VHF can simulate the different operating systems and services for an arbitrary number of virtual systems.
Spamhole
   Fake open SMTP relay, intended to stop (some) spam by convincing spammers that it is delivering spam messages for them, when in fact it is not.
Kojoney
   Kojoney is a low-interaction honeypot that emulates an SSH server. (You will see more about it in the following slides.)
Deception Toolkit (DTK)
   A free and programmable solution intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
Free Honeypot Solutions
LaBrea (Sticky Honeypot and IDS)
  LaBrea is a program that creates a tarpit or "sticky honeypot".
  LaBrea takes over unused IP addresses on a network and creates
  "virtual machines" that answer to connection attempts. LaBrea
  answers those connection attempts in a way that causes the
  machine at the other end to get "stuck", sometimes for a very long
  time.
ProxyPot
  Proxypot is a server that pretends to be an open proxy, taking
  requests from bad people to do bad things, and responding with a
  simulation instead of doing the evil deed.
FakeAP (Wireless Honeypot)
  FakeAP generates thousands of counterfeit 802.11b access points.
  Hide in plain sight amongst Fake AP's cacophony of beacon
  frames.
Commercial Honeypot Solutions
Symantec Decoy Server (Mantrap)
  Symantec Decoy Server sensors deliver holistic detection and
  response as well as provide detailed information through its system
  of data collection modules.
Specter
  Specter offers common Internet services such as
  SMTP, FTP, POP3, HTTP and TELNET. They appear to be normal
  to the attackers but are in fact traps for them.
KFSensor
  KFSensor is designed for use in a Windows-based corporate environment. KFSensor works by simulating system services at the highest level of the OSI network model, the application layer.
Installing Your Own Honeypot
Depending on the type of technology used there are
different things to consider when installing and
deploying a honeypot.
    Low-interaction honeypot:
     Make sure an attacker can't access the underlying operating system (especially when using plugins!), just KEEP IT SIMPLE!

     If possible make use of the honeypot's features to emulate a more realistic environment (e.g. traffic shaping).

     Make sure to use the latest versions available.
Installing Your Own Honeypot
High-interaction honeypot:
  Use advanced network techniques to control the honeypot (e.g. firewalls, IDS/IPS, bandwidth control) and make sure it can't be used to harm third parties (e.g. legal issues of an open relay)

  If possible, poison the honeypot (could lead to detection of the poison or the honeypot itself).

  Use software that actually has vulnerabilities or your honeypot *might* never be exploited successfully.

  Use tripwire or AIDE to get a snapshot of the system.
Installing Your Own Honeypot
Don't expect too much!
  In the beginning don't force yourself too much. You will probably want to catch 0-day exploits but that is a *long* way to go! Start with something simple.
Wipe the hard drive before using it in a honeypot
  When recovering files of a compromised honeypot a “dirty” hard disk might confuse you as there is probably old and non-honeypot related data on it which might also be recovered.
Copy the evidence before analyzing it (e.g. with dd).
Give the honeypot enough time to work.
  An attacker needs time to compromise a system and work with it. Just give him or her enough time to play (e.g. two weeks).
Case Study
My SSH Honeypots
I have deployed more than 8 low-interaction SSH honeypots based on CentOS 5 and Kojoney in different Internet IP spaces.

Each honeypot was available for 60 days and wasn't supported by an IDS or a firewall (increased degree of difficulty).

The SSH honeypot servers were attacked numerous times during this period, but were not successfully compromised because of the nature of the low-interaction honeypot.
SSH Honeypots Statistics
Number of honeypots                                     8
Log files size                                          ~ 2.0 GB
Honeypots operational days                              60
Illegal login attempts                                  118,997
Attacks originating from                                1338 IP addresses
Attacks originating from                                75 countries
Largest number of login attempts in a single session    2284 times
Operating system most used by attackers                 Linux
Most attacks came from                                  China !!! (India ranks 6th)
Most common username                                    root
Most used password                                      12345
Kojoney SSH Problems
Lack of support for commands given on the SSH command line, e.g. ssh -p 22 'uname -a'

Few Linux commands supported.

Lack of a detailed report about passwords used by attackers and attack frequency. [SOLVED!]

Weakness in the country-lookup module. [SOLVED!]

Decentralized logging mechanism.
How To Install SSH Honeypot
  Linux CentOS is up and running
  Edit SSH server settings
  Change SSH default port
  Restart SSH service
  Test SSH service
  Install pre-required packages
  Download Kojoney honeypot
  Install Kojoney honeypot
  Update some files (optional):
     Http://www.honeynet.ir/software/kojoney-update/TwisteConch-0.6.0.tar.gz
     Http://www.honeynet.ir/software/kojoney-update/IP-Country-2.27.tar.gz
     Http://www.honeynet.ir/software/kojoney-update/Geography-Countries-2009041301.tar.gz
     Http://www.honeynet.ir/software/kojoney-update/kojreport
  Start SSH honeypot service
  Check honeypot log file
  Generate incident report
  Sample report
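The report step above, the summary statistics table of the case study and the missing password/frequency report noted under "Kojoney SSH Problems" can all be produced from the honeypot's log with a small script. The following is an added example written for this page, not Kojoney's own kojreport; the log line layout parsed by LINE_RE and the sample lines are constructed assumptions, so adapt the regular expression to the format your honeypot actually writes.

```python
"""Incident-report generator for a low-interaction SSH honeypot.

Added example, not Kojoney's kojreport. The log line layout parsed by
LINE_RE is an ASSUMPTION constructed for this example; adapt the regular
expression to the format your honeypot actually writes.
"""
import re
from collections import Counter
from typing import Dict, List

# Assumed layout (constructed):
#   <timestamp> <session-id> <source-ip> login attempt user=<u> pass=<p>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<session>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"login attempt user=(?P<user>\S*) pass=(?P<password>.*)$"
)

# Constructed sample lines (documentation-range addresses, not captured data).
SAMPLE_LOG = """\
2010-11-02T03:14:07 s1 198.51.100.23 login attempt user=root pass=12345
2010-11-02T03:14:09 s1 198.51.100.23 login attempt user=root pass=123456
2010-11-02T03:14:11 s1 198.51.100.23 login attempt user=root pass=password
2010-11-02T03:14:12 s1 198.51.100.23 login attempt user=admin pass=12345
2010-11-02T05:01:44 s2 203.0.113.9 login attempt user=root pass=12345
2010-11-02T05:01:46 s2 203.0.113.9 login attempt user=oracle pass=oracle
2010-11-03T11:20:00 s3 192.0.2.77 login attempt user=root pass=toor
honeypot started, listening on port 22
2010-11-03T11:20:02 s3 192.0.2.77 login attempt user=test pass=12345
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn matching lines into dicts; lines that are not login attempts are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def build_report(events: List[Dict[str, str]]) -> Dict[str, object]:
    """Headline numbers of the statistics table plus the password and
    per-day frequency tables that the presentation found missing."""
    if not events:
        return {"login_attempts": 0}
    users = Counter(e["user"] for e in events)
    passwords = Counter(e["password"] for e in events)
    sources = Counter(e["ip"] for e in events)
    sessions = Counter(e["session"] for e in events)
    per_day = Counter(e["ts"][:10] for e in events)   # ISO date prefix
    busiest_session, busiest_count = sessions.most_common(1)[0]
    return {
        "login_attempts": len(events),
        "unique_source_ips": len(sources),
        "most_common_username": users.most_common(1)[0][0],
        "most_common_password": passwords.most_common(1)[0][0],
        "most_active_source": sources.most_common(1)[0][0],
        "largest_session_id": busiest_session,
        "largest_session_attempts": busiest_count,
        "password_frequency": passwords.most_common(),
        "attempts_per_day": sorted(per_day.items()),
    }


def format_report(report: Dict[str, object]) -> str:
    """Render the report as plain text for the incident write-up."""
    lines = ["SSH honeypot incident report", ""]
    for key in ("login_attempts", "unique_source_ips", "most_active_source",
                "most_common_username", "most_common_password",
                "largest_session_id", "largest_session_attempts"):
        if key in report:
            lines.append(f"{key.replace('_', ' '):32s}{report[key]}")
    if "password_frequency" in report:
        lines += ["", "password frequency:"]
        lines += [f"  {pw:20s}{n}" for pw, n in report["password_frequency"]]
        lines += ["", "attempts per day:"]
        lines += [f"  {day}  {n}" for day, n in report["attempts_per_day"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_report(parse_log(SAMPLE_LOG))))
```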
Introduction to forensics
Computer forensics involves the court-proof preservation, identification, extraction, documentation and interpretation of computer data.


Bear in mind laws and legal regulations when
installing, operating or analyzing a honeypot as this might
lead to quite difficult legal situations…
  Monitoring/surveillance without permission
  Assisting crime
  Violation of privacy and data protections laws
  …
Introduction to forensics
During a forensic investigation follow a clear and well-
defined methodology:
  Acquire the evidence without modifying or damaging the original (and, if possible, without leaving any traces of your actions behind!)
  Check the integrity of the recovered data and verify that the recovered data and the original are identical
  Analyze the data without modifying it


The key to any investigation is documentation. Use any documentation alternative (e.g. photos) available to document the investigation process.


Do not store the information obtained on the local system; transfer it to a third-party system instead (e.g. using netcat or ssh).
Introduction to forensics
Volatile information: Information stored in RAM (e.g. list of
running processes, memory contents, open files, network
connections, passwords etc.) will be lost when the
machine is turned off.
   Unix/Linux:
      ps, netstat, ifconfig, date, grep, last, cat, ls, lsof, mount, dd, fdisk, …
   Microsoft Windows:
      netstat, ipconfig, VICE, diskmon, filemon, handle, listdlls, process explorer, pstools, regmon, tcpview, tdimon, tokenmon, livekd

Non-volatile information: Information is preserved even
when the power is switched off (e.g. files stored on a hard
drive).
Future of honeypot technologies

Honeytokens

Wireless Honeypots

HoneyClients

Honeypot Detection Technologies
Honeytokens
The concept of honeytokens is not new. This concept is as old as security itself. For example, map-making companies often insert bogus cities or roads into their maps to determine if competitors are selling copied versions of their maps.


Generally a honeytoken could be a bogus record in a database which is not needed by any application. If someone tries to access it, an alarm can be raised (a honeypot inside an application).
Examples: Patient record “John F. Kennedy” in a hospital's patient database. There is no such patient in the hospital. Bogus SSN and CC numbers.


The monitoring can be done in the database or on the wire (e.g. Snort) looking for the signature “John F. Kennedy”.
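A minimal honeytoken monitor for the scheme described above, added here as an example (not from the presentation or any product): the decoy values and the database audit-log lines are constructed, and the Snort rule it emits for the on-the-wire variant is a generic content rule whose destination port is an assumption.

```python
"""Honeytoken monitor: raise an alert when a planted decoy is touched.

Added example, not from the presentation or any product. The decoy values
and the audit-log lines are constructed; in a real deployment the tokens
are the rows you planted and the lines come from the database audit log
or a network sensor.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Honeytoken:
    label: str   # what kind of decoy this is
    value: str   # the exact bogus value planted in the database


@dataclass(frozen=True)
class Alert:
    label: str
    source: str
    line: str


# Constructed decoys: a fictitious patient, an SSN from an invalid range
# and a well-known card-number test value. None belong to a real person.
TOKENS = [
    Honeytoken("patient record", "John F. Kennedy"),
    Honeytoken("bogus SSN", "999-99-9999"),
    Honeytoken("bogus credit card", "4111 1111 1111 1111"),
]

# Constructed database audit-log lines (private-range source addresses).
SAMPLE_AUDIT_LOG = """\
2010-12-01 09:02:13 user=nurse07 src=10.1.4.22 SELECT * FROM patients WHERE name='Jane Doe'
2010-12-01 09:05:41 user=billing src=10.1.9.5 SELECT card FROM payments WHERE invoice=4411
2010-12-01 22:47:09 user=dbadmin src=10.1.9.77 SELECT * FROM patients WHERE name='john f. kennedy'
2010-12-01 22:47:15 user=dbadmin src=10.1.9.77 SELECT * FROM patients WHERE ssn='999-99-9999'
2010-12-02 01:10:00 user=app src=10.1.4.9 UPDATE patients SET phone='555-0100' WHERE id=42
2010-12-02 02:00:31 user=dbadmin src=10.1.9.77 SELECT * FROM payments WHERE pan='4111-1111-1111-1111'
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")
NUMERIC_RUN = re.compile(r"\d[\d\s-]*\d")   # digits with space/dash separators


def _digits(s: str) -> str:
    return re.sub(r"\D", "", s)


def _normalize_text(s: str) -> str:
    return re.sub(r"\s+", " ", s.strip().lower())


def token_in_line(token: Honeytoken, line: str) -> bool:
    """Match a decoy regardless of case, spacing or digit separators.

    Purely numeric decoys (SSN, card number) are compared as whole digit
    runs, so '4111-1111-1111-1111' and '4111 1111 1111 1111' agree while
    unrelated digits elsewhere in the line cannot combine into a hit.
    """
    if not any(c.isalpha() for c in token.value):
        wanted = _digits(token.value)
        return any(_digits(m.group()) == wanted for m in NUMERIC_RUN.finditer(line))
    return _normalize_text(token.value) in _normalize_text(line)


def scan(lines: Iterable[str], tokens: Iterable[Honeytoken] = TOKENS) -> List[Alert]:
    """Return one Alert per (line, token) hit; an empty list means silence."""
    tokens = list(tokens)
    alerts = []
    for line in lines:
        m = SRC_RE.search(line)
        source = m.group(1) if m else "unknown"
        for token in tokens:
            if token_in_line(token, line):
                alerts.append(Alert(token.label, source, line))
    return alerts


def snort_rule(token: Honeytoken, sid: int, port: int) -> str:
    """On-the-wire variant: a Snort content rule for a text decoy.

    The destination port is an assumption (the database listener); use
    this only for text tokens, since numeric ones vary in separators.
    """
    return (f'alert tcp any any -> $HOME_NET {port} (msg:"Honeytoken hit: {token.label}"; '
            f'content:"{token.value}"; nocase; sid:{sid}; rev:1;)')
```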
Wireless Honeypots
Usage of honeypot technology to detect intruders of
wireless networks.

Unlike Internet-based honeypots, anyone detected on a
wireless network will be located within a few blocks of the
trap, perhaps parked in a car or sitting on a bus bench.
Therefore you may plan to deploy video cameras on the
street, or to physically confront hackers.

Other wireless technologies, like Bluetooth, could also be considered.
Honeyclients
Client Honeypots are active security devices in
search of malicious servers that attack clients.

The client honeypot poses as a client and interacts
with the server to examine whether an attack has
occurred.

Often the focus of client honeypots is on web
browsers, but any client that interacts with servers
can be part of a client honeypot .

Examples: Capture-HPC, HoneyC, SpyBye
Honeypot Detection Technologies
Finding honeypots is a difficult process.
As discussed before, attackers look for differences between a real system and a honeypot's representation of a system. Examples of techniques under development:
   Connection limiting
      The honeypot counts the outbound connections within a period of time.
      Once the threshold is reached, new outbound connections are denied.
      One of the easiest characteristics to detect
      Simply open up 10-20 websites and see if the connection is blocked
   Outbound packet alteration
      Modifies packets that are believed to be of an exploitive nature
      Honeypots compute a hash of portions of the packet
      Returns a response based on the hash
      The attacker expects to receive a known response but instead receives a modified response from the honeypot.
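The connection-limiting data control described above, written out as an added example (not from the presentation or any honeynet product). The per-protocol thresholds, the one-hour window and the connection sequence are assumptions for illustration; the point for the operator is that any denial is itself a compromise indicator, since a honeypot has no business opening outbound connections at all.

```python
"""Outbound connection limiting as honeynet data control.

Added example, not from the presentation or any honeynet product. The
thresholds, the window length and the traffic below are assumptions.
"""
from collections import deque
from typing import Deque, Dict, List, Optional, Tuple

# Assumed per-window limits per protocol; "other" is the fallback.
DEFAULT_LIMITS = {"tcp": 15, "udp": 20, "icmp": 50, "other": 10}


class OutboundLimiter:
    """Sliding-window counter of outbound connections from the honeypot.

    allow() evicts timestamps older than the window, then admits the
    connection only if fewer than the protocol's limit remain. Denials
    are recorded so the operator can alert on them.
    """

    def __init__(self, limits: Optional[Dict[str, int]] = None, window_seconds: int = 3600):
        self.limits = dict(DEFAULT_LIMITS if limits is None else limits)
        self.window = window_seconds
        self._history: Dict[str, Deque[float]] = {}
        self.denied: List[Tuple[float, str, str]] = []   # (ts, proto, dst)

    def _limit_for(self, proto: str) -> int:
        return self.limits.get(proto, self.limits.get("other", 0))

    def allow(self, ts: float, proto: str, dst: str) -> bool:
        """Return True if an outbound connection at time ts may proceed."""
        q = self._history.setdefault(proto, deque())
        while q and ts - q[0] >= self.window:   # drop entries outside the window
            q.popleft()
        if len(q) >= self._limit_for(proto):
            self.denied.append((ts, proto, dst))
            return False
        q.append(ts)
        return True


def run_burst(limiter: OutboundLimiter, connections):
    """Apply the limiter to (ts, proto, dst) tuples; return the decisions."""
    return [(ts, proto, dst, limiter.allow(ts, proto, dst)) for ts, proto, dst in connections]


def web_burst_demo():
    """Constructed scenario: 20 TCP connections within 20 s, then one an hour later.

    With the assumed TCP limit of 15 per hour, connections 16-20 are
    denied (the fingerprint the presentation mentions) and the late one
    is admitted again once the oldest entry has aged out of the window.
    """
    limiter = OutboundLimiter()
    burst = [(float(i), "tcp", f"web-{i}.example") for i in range(20)]
    burst.append((3600.0, "tcp", "web-late.example"))
    decisions = run_burst(limiter, burst)
    allowed = sum(1 for d in decisions if d[3])
    return limiter, decisions, allowed


if __name__ == "__main__":
    lim, dec, n = web_burst_demo()
    print(f"{n} allowed, {len(lim.denied)} denied")
```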
Summary
Honeypots are not yet widespread. A reason might be the lack of know-how in most organizations to set up and maintain such complex systems. It seems difficult for IT coordinators to justify additional security investments. In contrast to packet filters or anti-virus software, which have propagated into almost every organization's network, honeypots still remain in universities or other research environments.

Honeypot technology is still in its infancy. Most of the tools that exist at the moment are complicated to deploy and to maintain. Analyzing compromised honeypots supports you in getting a certain understanding of the tools, methodologies and avenues used by attackers in the wild (which may improve your own hacking skills as well as your defense strategies!)
Thanks for your (long) patience and attention!

I would now like to answer your questions.

More Related Content

PPTX
Cyber Warfare - Jamie Reece Moore
PPTX
Cyber war
PPT
Cyber Warfare -
PPTX
Cyber War ( World War 3 )
PDF
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
PPTX
Cyber warfare ss
PPTX
Cyber war a threat to indias homeland security 2015
PDF
Cyber Warfare vs. Hacking (in English)
Cyber Warfare - Jamie Reece Moore
Cyber war
Cyber Warfare -
Cyber War ( World War 3 )
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Cyber warfare ss
Cyber war a threat to indias homeland security 2015
Cyber Warfare vs. Hacking (in English)

What's hot (20)

PDF
PDF
Cyber terrorism fact or fiction - 2011
PDF
PPTX
Cyber war or business as usual
PPTX
Cyberwar threat to national security
PPT
About cyber war
PPTX
Event: George Washington University -- National Security Threat Convergence: ...
PDF
Cyberwar - Is India Ready
PPTX
Cyberwarfare
PDF
Cyber Security, Cyber Warfare
PDF
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
PPTX
Cyberwar: (R)evolution?
PPTX
Cyber Terrorism
PDF
Cyber weapons 1632578286
PPTX
Cyber terrorism
PPTX
Shubhrat.presentationfor cybercrime.ppt
PDF
PPTX
Cyber terrorism
PPT
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
PDF
2015 Global Threat Intelligence Report Executive Summary | NTT i3
Cyber terrorism fact or fiction - 2011
Cyber war or business as usual
Cyberwar threat to national security
About cyber war
Event: George Washington University -- National Security Threat Convergence: ...
Cyberwar - Is India Ready
Cyberwarfare
Cyber Security, Cyber Warfare
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
Cyberwar: (R)evolution?
Cyber Terrorism
Cyber weapons 1632578286
Cyber terrorism
Shubhrat.presentationfor cybercrime.ppt
Cyber terrorism
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
2015 Global Threat Intelligence Report Executive Summary | NTT i3
Ad

Viewers also liked (20)

PDF
Honeypots for Active Defense
PPT
Honeypots - Tracking the Blackhat Community
PPT
Using Canary Honeypots for Network Security Monitoring
PPT
All about Honeypots & Honeynets
PPT
Honeypots
PPT
Cyberwar Update2010
PPTX
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
PPTX
Bsides chicago 2013 honeypots
PPT
SBI PO exam preparation online
ODP
Izaro eta Judith
ODP
Marta eta Garazi
PPT
Imanol eta Borja
ODP
June eta Naiara
ODP
Naroa eta Dounia
PPTX
Plataforma de incentivos en retail
PPTX
PDF
Curso adm 223 emprendimiento
KEY
2.5.11 ann
Honeypots for Active Defense
Honeypots - Tracking the Blackhat Community
Using Canary Honeypots for Network Security Monitoring
All about Honeypots & Honeynets
Honeypots
Cyberwar Update2010
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Bsides chicago 2013 honeypots
SBI PO exam preparation online
Izaro eta Judith
Marta eta Garazi
Imanol eta Borja
June eta Naiara
Naroa eta Dounia
Plataforma de incentivos en retail
Curso adm 223 emprendimiento
2.5.11 ann
Ad

Similar to Honeypots in Cyberwar (20)

PDF
Cybersecurity and-cyberwar-singer-en-22186
ODP
CWFI Presentation Version 1
PDF
CYBER AWARENESS
PDF
Cyber warfare capabiliites : A Reality Check
PPT
Surviving Cyber War April09
PPTX
Clt3328fisk
PPT
Cyber-Terrorism
PDF
Understanding the 'physics' of cyber-operations - Pukhraj Singh
PPTX
Digital warfare by R6.pptx
PDF
A Cyber Security Review
DOCX
B susser researchpaper (2)
DOCX
B susser researchpaper (2)
PPTX
Cyber Warfare 4TH edition
PDF
Computers as weapons of war
PPTX
Cyber Wars.pptx
DOCX
B susser researchpaper (3)
PDF
Is Cyber-offence the New Cyber-defence?
PDF
Kenneth geers-sun-tzu-and-cyber-war
PDF
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...
Cybersecurity and-cyberwar-singer-en-22186
CWFI Presentation Version 1
CYBER AWARENESS
Cyber warfare capabiliites : A Reality Check
Surviving Cyber War April09
Clt3328fisk
Cyber-Terrorism
Understanding the 'physics' of cyber-operations - Pukhraj Singh
Digital warfare by R6.pptx
A Cyber Security Review
B susser researchpaper (2)
B susser researchpaper (2)
Cyber Warfare 4TH edition
Computers as weapons of war
Cyber Wars.pptx
B susser researchpaper (3)
Is Cyber-offence the New Cyber-defence?
Kenneth geers-sun-tzu-and-cyber-war
Better Cyber Security Through Effective Cyber Deterrence_The Role of Active C...

More from Mehdi Poustchi Amin (20)

PPTX
Install Linux CentOS 7.0
PPTX
Install windows 8.1 Pro
PPTX
Install Windows Server 2008 Step-by-Step
PPTX
Install Windows Server 2012 Step-by-Step
PDF
Install Linux CentOS 6 x86_64 - minimum installation
PPT
How to use OpenPGP for Email Encryption & Signing
PPT
How to create Self-Sign Certificate by using OpenSSL
PDF
VMware Server 2
PDF
VMware ESX 3.5
PDF
Virtualization
PDF
VMware Workstation 7
PPT
Configuring RAID 1 on CentOs
PPT
Installing Parsix 1
PPT
Installing Debian 4
PPT
Installing Mandriva 2008
PPT
Installing Fedora 8
PPT
Installing Windows2008 Server
PPT
Proxy Servers & Firewalls
PPT
Installing Linux CentOs 5.0 Step-by-Step
PPT
Installing RHEL 5 Linux RedHat Enterprise Edition step-by-step
Install Linux CentOS 7.0
Install windows 8.1 Pro
Install Windows Server 2008 Step-by-Step
Install Windows Server 2012 Step-by-Step
Install Linux CentOS 6 x86_64 - minimum installation
How to use OpenPGP for Email Encryption & Signing
How to create Self-Sign Certificate by using OpenSSL
VMware Server 2
VMware ESX 3.5
Virtualization
VMware Workstation 7
Configuring RAID 1 on CentOs
Installing Parsix 1
Installing Debian 4
Installing Mandriva 2008
Installing Fedora 8
Installing Windows2008 Server
Proxy Servers & Firewalls
Installing Linux CentOs 5.0 Step-by-Step
Installing RHEL 5 Linux RedHat Enterprise Edition step-by-step

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PDF
Encapsulation theory and applications.pdf
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
Electronic commerce courselecture one. Pdf
PDF
cuic standard and advanced reporting.pdf
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
PDF
Machine learning based COVID-19 study performance prediction
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
NewMind AI Weekly Chronicles - August'25 Week I
PDF
Spectral efficient network and resource selection model in 5G networks
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
DOCX
The AUB Centre for AI in Media Proposal.docx
PPTX
Cloud computing and distributed systems.
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
Encapsulation_ Review paper, used for researhc scholars
Dropbox Q2 2025 Financial Results & Investor Presentation
Encapsulation theory and applications.pdf
20250228 LYD VKU AI Blended-Learning.pptx
The Rise and Fall of 3GPP – Time for a Sabbatical?
Network Security Unit 5.pdf for BCA BBA.
Electronic commerce courselecture one. Pdf
cuic standard and advanced reporting.pdf
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Reach Out and Touch Someone: Haptics and Empathic Computing
Machine learning based COVID-19 study performance prediction
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
Per capita expenditure prediction using model stacking based on satellite ima...
NewMind AI Weekly Chronicles - August'25 Week I
Spectral efficient network and resource selection model in 5G networks
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
The AUB Centre for AI in Media Proposal.docx
Cloud computing and distributed systems.
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy

Honeypots in Cyberwar

  • 1. Honeypots/Honeynets in Cyber War Sayyed Mehdi Poustchi Amin Poustchi@Yahoo.com CCNA-MCITP-MCTS-MCSE-MCSA-MCP PhD Student - Computer Science Dec 2010
  • 2. Speaker Mehdi Poustchi Amin poustchi@yahoo.com CCNA,MCTS,MCITP,MCSE, MCSA,MCP Network Administrator Azad University of Mashhad. Mashhad, Iran Specialized in network security, pen-testing and IT forensics. Founder of Iran‟s honeynet project www.Honeynet.ir Author of dozen articles for various Persian IT magazines.
  • 3. Agenda Cyber War/Warfare Definition of Cyber Warfare Impact of a Cyber War Cyber Weapons Architecture Examples of Cyberwar Activity Moderating Effects on Cyberwar Introduction to honeypots and honeynets What is a honeypot? Benefits /Downsides of deploying a honeypot How to classify a honeypot? Advantages/Disadvantages of honeypots What is a honeynet? Free and commercial honeypot solutions Installing your own honeypot (Case Study Report) Introduction to forensics Future of honeypot technologies Summary
  • 5. Definition of Cyber Warfare “Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption” -Richard A. Clarke “The Economist describes cyber warfare as "the fifth domain of warfare,".
  • 6. Relationship to Traditional Warfare Cyberwar could be additional domain in traditional warfare Used as initial stage to reduce command and control facilities, harm national infrastructure, spread propaganda, reduce confidence in government Could be a standalone approach to warfare Potential for significant harm to foreign country in the information age
  • 7. Technological Approaches for Cyber Attacks Three Major Approaches : Break in, steal information From computer systems or networks Directly affect functionality of computers or related equipment through use of worms, viruses, logic bombs and/or other malware Denial of Service (DoS) flood of messages to computer systems that overwhelms them and renders them non-functional
  • 8. Infrastructure Subject to Attack Businesses Military command and control system Transportation systems Air Rail Power grid Manufacturing facilities Communication systems …
  • 9. Impact of a Cyber War
  • 10. Impact of a Cyber War (real story) February 2008 US government announced the results of Operation Infrastructure, which took place on Nov-Dec 2007 . The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks. The FBI has confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States where unethical resellers passed it off as legit.
  • 11. Impact of a Cyber War INTELLIGENCE BRIEFING Impact of a Cyber War The political fallout of a cyber attack will be high, but this will pale in comparison Physical Impact to the financial and Social Impact economic impact! Political Impact The financial and Financial Impact economic impact could be as high as $30 billion a day! 0 1 2 3 4 5 Low Medium High Copyright 2003 – 2007 All Rights Reserved 2
  • 12. Impact of a Cyber War Billion U.S. Retail eCommerce Sales $250 That’s $425 million $200 a day. $150 $100 $50 $0 2006 2007 2008 2009 2010
  • 13. Cyber Weapons Proliferation The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens-of-millions of individuals. The raw materials needed to construct cyber weapons are not restricted and are widely available. We now have a weapon that can strike at the speed of light, it can be launched from anywhere in the world, and it can target anywhere in the world.
  • 15. Modern Weapons Economics What does a stealth bomber cost? $1.5 to $2 billion What does a stealth fighter cost? $80 to $120 million What does an cruise missile cost? $1 to $2 million What does a cyber weapon cost? $300 to $50,000
  • 16. Modern Weapons Economics The price of a targeted mailing can range from $70 for a few thousand addresses to $1000 for tens of millions. The average price of installing a malicious program on a thousand computers in China is $3 and in the US $120 Small botnets of a few hundred bots cost $200 to 700. The Shadow botnet, which was created by a 19-year- old hacker from Holland and included over 100,000 computers, was put on sale for $36,000
  • 17. Find the Weapons Facility Nuclear Weapons Facility Cyber Weapons Facility Where’s the Cyber Weapons Facility?
  • 18. Cyber Weapons Evolution Basic Applied Early Rapid Significant Threat High Research Research Adopters Advancement Advanced Weapons Basic Weapons Low 1994 1998 2002 2004 2008 2012 2016
  • 19. Interesting Quote “Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore.“ -NATO's cyber defense chief
  • 20. Cyber Weapons Architecture A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigations system (tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.
  • 21. Cyber Weapons Design There are numerous methods of delivering cyber weapons to their targets: Emails with malicious code embedded or attached. Web sites that can have malicious links and downloads. Hacking is a manually delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components.
  • 22. Cyber Weapons Design System vulnerabilities are the primary navigation systems used in cyber weapons. Just as navigation system guides a missile; it allows the malicious payload to reach a specific point inside a computer, system or network. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system
  • 23. Cyber Weapons Design The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be: A program that copies information off of the computer and sends it to an external source. It can also be a program that begins to ease or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A “bot” (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.
  • 24. Examples of Cyberwar Activity Titan Rain (2003) Power Outages in US & Canada (2003) Syria (2007) – Orchard Operation Estonia (2007) – Web War I Stuxnet Worm (2009-2010)
  • 25. Titan Rain (2003) Coordinated attacks on US military and industrial computer systems Access gained to computer systems and networks including Lockheed Martin and NASA Purpose and identity of attackers remains unclear, though origin appears to be Chinese military Though could be “through” Chinese military
  • 26. Power Outages in US & Canada (2003) China‟s People‟s Liberation Army played a role in the power outages. PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. An estimated 50 million people were affected.
  • 29. Syria (Sept. 2007) Israeli aerial bombing of facility in Syria, alleged nuclear facility being constructed by North Koreans. Syrian air defense networks saw no planes; later found Russian-built radar system screens manipulated to show nothing. Exact cause not known, but options all point to manipulation of software controlling radar system.
  • 30. Estonia (April 2007) Sometimes referred to as “Web War 1” Followed Estonia relocating the Bronze Soldier of Talinn, a Russian monument. Sophisticated and large set of denial of service (DoS) attacks on Estonian parliament, banks, ministries, newspapers, other web sites. Severe effect on above institutions for approximately three weeks.
  • 31. Stuxnet Worm Very complex Windows-specific computer worm that infects computers and connected industrial control equipment (PLCs). First known worm to attack industrial infrastructure. Spreads through USB thumb drives as well as network connections. Utilizes four “zero-day” exploits. Microsoft Windows Shortcut „LNK/PIF‟ Files Automatic File Execution Vulnerability Windows Print Spooler Vulnerability. Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability Microsoft Windows Server Service RPC Handling Remote Code Execution
  • 32. Stuxnet Worm Uses stolen valid security certificates. Private keys belong to Realtek Semiconductor Corps!!! Initial high rate of infection in Iran, specifically found at nuclear facilities May be government (Israel, US, UK?) attempt to damage Iranian nuclear facilities Unclear if delay or damage actually occurred Worm has spread to many other countries
  • 34. Moderating Effects on Cyberwar Diversity of systems and networks. Many networks, multiple operating systems Increasing efforts on intrusion detection and prevention. Early detection may help reduce scope of effects, though malware can spread quickly.
  • 35. Agenda Cyber War/Warfare Definition of Cyber Warfare Impact of a Cyber War Cyber Weapons Architecture Examples of Cyberwar Activity Moderating Effects on Cyberwar Introduction to honeypots and honeynets What is a honeypot? Benefits /Downsides of deploying a honeypot How to classify a honeypot? Advantages/Disadvantages of honeypots What is a honeynet? Free and commercial honeypot solutions Installing your own honeypot (Case Study Report) Introduction to forensics Future of honeypot technologies Summary
  • 37. What Is Honeypot ? “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” -Lance Spitzner “A honeypot is a computer system that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. (This includes the hacker, cracker, and script kiddy.) ”
  • 38. The threat is real Information security has been primarily defensive. Black hats have the initiative; attack whatever they want, whenever they want Public knows very little about the black hats (Who are they? How do they attack? Why?) Arms races, and the bad guys are always ahead
  • 39. The Attack Sophistication vs. Intruder Technical Knowledge Source : CERT® Coordination Center
  • 40. Benefits of deploying a honeypot Risk mitigation: A honeypot deployed in a productive environment may lure an attacker away from the real production systems (“ easy target“).
  • 41. Benefits of deploying a honeypot • Risk mitigation: • A honeypot deployed in a productive environment may lure an attacker away from the real production systems (“ easy target“). IDS-like functionality: Since no legitimate traffic should take place to or from the honeypot, any traffic appearing is evil and can initiate further actions.
  • 42. Benefits of deploying a honeypot • Risk mitigation: • A honeypot deployed in a productive environment may lure an attacker away from the real production systems (“ easy target“). • IDS-like functionality: • Since no legitimate traffic should take place to or from the honeypot, any traffic appearing is evil and can initiate further actions. Identification and attack strategies: Find out who and why somebody attacking you and what strategies he/her is using.
  • 43. Benefits of deploying a honeypot cont. Evidence: Once the attacker is identified all data captured may be used in a legal procedure.
  • 44. Benefits of deploying a honeypot cont. • Evidence: • Once the attacker is identified all data captured may be used in a legal procedure. Research: Operating & monitoring a honeypot can reveal most up-to-date techniques/exploits and tools used as well as spreading techniques of worms or viruses.
  • 45. Downside of deploying a honeypot Limited view: Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems , unless the attacker or the threat interacts with the Honeypot at the same time.
  • 46. Downside of deploying a honeypot • Limited view: • Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems , unless the attacker or the threat interacts with the Honeypot at the same time. Additional risk: Deploying a honeypot could create an additional risk and eventually put a whole organizations‟ IT security at risk. Just as all security related technologies honeypots have risk. Depending on the type of honeypot deployed there is the risk the system is being taken over by a bad guy and being used to harm other systems. This could lead to serious legal consequences.
  • 47. How to classify a honeypot? Honeypots are classified by the level of interaction they provide to the attacker:  Low-Interaction honeypot  High-Interaction honeypot Only parts of (vulnerable) An attacker is provided with a full applications or operating systems and working operating system are emulated by software. enabling him/her to interact in the highest way possible. No real interaction Examples: Symantec Decoy Examples: Specter, Honeyd, and Server and Honeynets KFSensor
  • 48. Advantages of Low-interaction Honeypot vs. High-interaction Honeypot Low-interaction Honeypot High-interaction Honeypot Good starting point You will face real-life data and attacks so the activities captured are Easy to install, configure, deploy most valuable. and maintain Learn as much as possible about Introduce a low or at least limited the attacker, the attack itself and risk especially the methodology as well Logging and analyzing is simple as tools used. Only transactional information are available, no information about the attacks Can help you to prevent future themselves, e.g. time and date of an attack, attacks and get a certain protocol, source and destination IP as well understanding of possible threats. as port
  • 49. Disadvantages of Low-interaction Honeypot vs. High-interaction Honeypot Low-interaction Honeypot High-interaction Honeypot Pretty boring :-) Building, configuring, deploying and maintaining a high-interaction No real interaction for an attacker honeypot is very time consuming. possible Different technologies (e.g. IDS, firewall etc.) that have to be customized. Very limited logging abilities Analyzing a compromised honeypot Can only capture known attacks is extremely time consuming and Easily detectable by a skilled difficult (40 hours for every 30 minutes an attacker attacker spend on a system!) (e.g. identity exploits, rootkit, system or configuration modifications etc.). It introduces a high level of risk. if there are no additional precautions in place - might put an organizations overall IT security at stake.
  • 50. What Is Honeynet ? Honeynet is a network that contains one or more honeypots. Honeynet is an architecture. Since honeypots are not production systems, the honeynet itself has no production activity, no authorized services. As a result, any interaction with a honeynet implies malicious or unauthorized activity. This architecture creates a highly controlled network, one that you can control and monitor all activity that happens within it. You then place your target systems, your honeypots, within that architecture.
  • 52. Agenda Cyber War/Warfare Definition of Cyber Warfare Impact of a Cyber War Cyber Weapons Architecture Examples of Cyberwar Activity Moderating Effects on Cyberwar Introduction to honeypots and honeynets What is a honeypot? Benefits /Downsides of deploying a honeypot How to classify a honeypot? Advantages/Disadvantages of honeypots What is a honeynet? Free and commercial honeypot solutions Installing your own honeypot (Case Study Report) Introduction to forensics Future of honeypot technologies Summary
  • 53. Free Honeypot Solutions Honeyd (Virtual Honeypot Framework) VHF presents a framework for virtual honeypots that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. VHF can simulates the different operating systems and services for an arbitrary number of virtual systems. Spamhole Fake open SMTP relay, intended to stop (some) spam by convincing spammers that it is delivering spam messages for them, when in fact it is not. Kojoney Kojoney is a low level interaction honeypot that emulates an SSH server. (You will see more about that on next slides) Deception toolkit (DTK) A free and programmable solution intending to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities.
  • 54. Free Honeypot Solutions LaBrea (Sticky Honeypot and IDS) LaBrea is a program that creates a tarpit or "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time. ProxyPot Proxypot is a server that pretends to be an open proxy, taking requests from bad people to do bad things, and responding with a simulation instead of doing the evil deed. FakeAP (Wireless Honeypot) FakeAP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames.
  • 55. Commercial Honeypot Solutions Symantec Decoy Server (Mantrap) Symantec Decoy Server sensors deliver holistic detection and response as well as provide detailed information through its system of data collection modules. Specter Specter offers common Internet services such as SMTP, FTP, POP3, HTTP and TELNET. They appear to be normal to the attackers but are in fact traps for them. KFSensor KFSensor is designed for use in a Windows based corporate environment. KFSensor works by simulating systems services at the highest level of the OSI Network Model - the application layer.
  • 56. Agenda Cyber War/Warfare Definition of Cyber Warfare Impact of a Cyber War Cyber Weapons Architecture Examples of Cyberwar Activity Moderating Effects on Cyberwar Introduction to honeypots and honeynets What is a honeypot? Benefits /Downsides of deploying a honeypot How to classify a honeypot? Advantages/Disadvantages of honeypots What is a honeynet? Free and commercial honeypot solutions Installing your own honeypot (Case Study Report) Introduction to forensics Future of honeypot technologies Summary
  • 57. Installing Your Own Honeypot Depending on the type of technology used there are different things to consider when installing and deploying a honeypot. Low-interaction honeypot: Make sure an attacker can‟t access the underlying operating system (especially when using plugins!), just KEEP IT SIMPLE!. If possible make use of the honeypot‟s features to emulate a more realistic environment (e.g. traffic shaping). Make sure to use the latest versions available.
  • 58. Installing Your Own Honeypot High-interaction honeypot: Use advanced network techniques to control the honeypot (e.g. firewalls, IDS/IPS, bandwidth control) and make sure it can‟t be used to harm third parties (e.g. legal issues of an open relay) If possible, poison the honeypot (could lead to detection of the poison or the honeypot itself). Use software that actually has vulnerabilities or your honeypot *might* never be exploited successfully. Use tripwire or AIDE to get a snapshot of the system.
  • 59. Installing Your Own Honeypot Don‟t expect too much! In the beginning don‟t force yourself too much. You will probably want to catch 0-day exploits but that is a *long* way to go! Start with something simple. Wipe the hard drive before using it in a honeypot When recovering files of a compromised honeypot a “dirty” hard disk might confuse you as there is probably old and non-honeypot related data on it which might also be recovered. Copy the evidence before analyzing it (e.g. with dd). Give the honeypot enough time to work. An attacker needs time to compromise a system and work with it. Just give him or her enough time to play (e.g. two weeks).
  • 61. My SSH Honeypots I have deployed more than 8 low-interaction SSH honeypots based on CentOS 5 and Kojoney in different Internet IP spaces. Each honeypot was available for 60 days and wasn't supported by an IDS or a firewall (increased degree of difficulty). The SSH honeypot servers were attacked numerous times during this period, but have not been successfully compromised because of the nature of the low-interaction honeypot.
  • 62. SSH Honeypots Statistics
        Number of honeypots                                    8
        Log files size                                         ~ 2.0 GB
        Honeypots operational days                             60
        Illegal login attempts                                 118,997
        Attacks originating from                               1338 IP addresses
        Attacks originating from                               75 countries
        Largest number of login attempts in a single session   2284
        Operating system most used by attackers                Linux
        Most attacks came from                                 China !!! (India ranks 6th)
        Most common username                                   root
        Most used password                                     12345
  • 67. Kojoney SSH Problems
        Lack of support for the SSH command line, e.g. ssh -p 22 'uname -a'
        Few Linux commands supported.
        Lack of a detailed report about the passwords used by attackers and the attack frequency. [SOLVED!]
        Weakness in the Country-Lookup module. [SOLVED!]
        Decentralized logging mechanism.
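The statistics slide and the "lack of a detailed report about passwords and attack frequency" point both come down to counting login attempts from the honeypot's log. The script below is an added example, not Kojoney's code and not its real log format: the line layout, the sample lines and the IP-to-country table are all constructed for this example (the table stands in for the IP-Country lookup module). It computes the same figures the slide reports: attempts, distinct source IPs, countries, the largest single session, the most common username and password, and attempts per day.

```python
"""Added example (not Kojoney's own code or log format): summarise SSH honeypot login attempts."""
import re
from collections import Counter

# Constructed sample lines standing in for a honeypot log. The assumed format is:
#   DATE TIME [SRC_IP:SRC_PORT] login attempt user=USERNAME pass=PASSWORD
# One IP:port pair is treated as one SSH session.
SAMPLE_LOG = """\
2010-11-03 14:22:07 [203.0.113.5:51422] login attempt user=root pass=12345
2010-11-03 14:22:08 [203.0.113.5:51422] login attempt user=root pass=123456
2010-11-03 14:22:09 [203.0.113.5:51422] login attempt user=admin pass=admin
2010-11-03 15:01:44 [198.51.100.7:40112] login attempt user=root pass=12345
2010-11-03 15:01:45 [198.51.100.7:40112] login attempt user=oracle pass=oracle
2010-11-04 02:13:10 [192.0.2.33:3321] login attempt user=root pass=toor
2010-11-04 02:13:11 [192.0.2.33:3322] login attempt user=root pass=12345
2010-11-04 09:45:00 [203.0.113.77:2222] login attempt user=test pass=test
"""

# Constructed stand-in for the IP-Country lookup module (a real deployment uses a GeoIP database).
IP_COUNTRY = {
    "203.0.113.5": "CN",
    "203.0.113.77": "CN",
    "198.51.100.7": "IN",
    "192.0.2.33": "US",
}

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<ip>[\d.]+):(?P<port>\d+)\] login attempt user=(?P<user>\S*) pass=(?P<pw>\S*)$"
)


def parse(log_text):
    """Return one dict per well-formed attempt line; malformed lines are skipped, not guessed at."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def summarize(attempts, ip_country):
    """Aggregate parsed attempts into the figures shown on the statistics slide."""
    ips = Counter(a["ip"] for a in attempts)
    sessions = Counter((a["ip"], a["port"]) for a in attempts)
    countries = Counter(ip_country.get(a["ip"], "unknown") for a in attempts)
    users = Counter(a["user"] for a in attempts)
    passwords = Counter(a["pw"] for a in attempts)
    per_day = Counter(a["date"] for a in attempts)
    return {
        "login_attempts": len(attempts),
        "source_ips": len(ips),
        "countries": len(countries),
        "country_ranking": countries.most_common(),          # e.g. which country ranks 6th
        "max_attempts_single_session": max(sessions.values(), default=0),
        "top_username": users.most_common(1)[0][0] if users else None,
        "top_password": passwords.most_common(1)[0][0] if passwords else None,
        "attempts_per_day": dict(sorted(per_day.items())),    # attack frequency over time
    }


def report(log_text=SAMPLE_LOG, ip_country=IP_COUNTRY):
    return summarize(parse(log_text), ip_country)


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:30} {value}")
```

Because each honeypot logs locally (the decentralized logging point above), the natural way to use this is to concatenate the log files collected from all honeypots and pass the combined text to `report()`.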
  • 68. How To Install SSH Honeypot
  • 69. Linux CentOS is up and running
  • 70. Edit SSH Server Setting…
  • 79. Update some files… (optional)
        Http://www.honeynet.ir/software/kojoney-update/TwisteConch-0.6.0.tar.gz
        Http://www.honeynet.ir/software/kojoney-update/IP-Country-2.27.tar.gz
        Http://www.honeynet.ir/software/kojoney-update/Geography-Countries-2009041301.tar.gz
        Http://www.honeynet.ir/software/kojoney-update/kojreport
  • 81. Start SSH Honeypot Service!
  • 88. Introduction to forensics
        Computer forensics involves the court-proof preservation, identification, extraction, documentation and interpretation of computer data.
        Bear in mind laws and legal regulations when installing, operating or analyzing a honeypot, as this might lead to quite difficult legal situations:
          Monitoring/surveillance without permission
          Assisting crime
          Violation of privacy and data protection laws
          …
  • 89. Introduction to forensics
        During a forensic investigation follow a clear and well-defined methodology:
          Acquire the evidence without modifying or damaging the original (and, if possible, without leaving any traces of your actions behind!).
          Check the integrity of the recovered data and verify that the recovered data and the original are identical.
          Analyze the data without modifying it.
        The key to any investigation is documentation. Use any documentation alternative available (e.g. photos) to document the investigation process.
        Do not store the information obtained on the local system but transfer it to a third party (e.g. using netcat or ssh).
  • 90. Introduction to forensics
        Volatile information: information stored in RAM (e.g. the list of running processes, memory contents, open files, network connections, passwords etc.) will be lost when the machine is turned off.
          Unix/Linux: ps, netstat, ifconfig, date, grep, last, cat, ls, lsof, mount, dd, fdisk, …
          Microsoft Windows: netstat, ipconfig, VICE, diskmon, filemon, handle, listdlls, process explorer, pstools, regmon, tcpview, tdimon, tokenmon, livekd
        Non-volatile information: information is preserved even when the power is switched off (e.g. files stored on a hard drive).
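The methodology of the last two slides (acquire without modifying, verify the copy is identical, capture volatile state before it is lost, move the results off the honeypot) and the earlier "copy the evidence with dd" advice can be put into one script. This is an added example written for this page, not part of the deck: the function names, the manifest and custody-log layouts, and the hostnames and device paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the deck): evidence-handling helpers for a compromised honeypot.
#   collect_volatile OUTDIR             capture volatile state in order of volatility, hash each capture
#   acquire_image    SRC IMG CUSTODYLOG bit-for-bit copy with dd, then verify the image hash equals the source hash
# Function names, the MANIFEST layout and the custody-log fields are this example's own conventions.

hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

collect_volatile() {
    out="$1"; mkdir -p "$out"
    # Most volatile first: clock, processes, sockets, open files, then login history.
    # A command is skipped when its binary is absent (ss vs. netstat differs between distributions).
    for cmd in "date -u" "uptime" "ps -ef" "ss -antp" "netstat -antp" "lsof -n" "last"; do
        bin=${cmd%% *}
        command -v "$bin" >/dev/null 2>&1 || continue
        $cmd > "$out/$bin.txt" 2>/dev/null || true
        # Hash each capture immediately so later tampering with the copies is detectable.
        printf '%s\t%s\n' "$bin.txt" "$(hash_file "$out/$bin.txt")" >> "$out/MANIFEST"
    done
}

acquire_image() {
    src="$1"; img="$2"; log="$3"
    src_hash=$(hash_file "$src")
    # conv=noerror,sync keeps reading past bad sectors and pads them with zeros so offsets stay aligned.
    # A block device is a whole number of blocks, so the padding never changes the hash; a plain file
    # whose size is not a multiple of bs would hash differently after padding.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null
    img_hash=$(hash_file "$img")
    {
        printf 'acquired_at=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'source=%s\nimage=%s\n' "$src" "$img"
        printf 'source_sha256=%s\nimage_sha256=%s\n' "$src_hash" "$img_hash"
    } >> "$log"
    # Non-zero exit means the copy is NOT identical to the original and must not be analyzed as such.
    [ "$src_hash" = "$img_hash" ]
}

# Typical order on the honeypot, with results pushed to the analysis host instead of stored locally
# (hostnames and paths are placeholders):
#   collect_volatile /tmp/vol && tar -C /tmp -cf - vol | ssh analyst@analysis-host 'cat > honeypot1-vol.tar'
#   acquire_image /dev/sdb /mnt/analysis/honeypot1.dd /mnt/analysis/honeypot1.custody
```

The custody log is appended, never overwritten, so repeated acquisitions of the same disk leave a dated trail; the two hashes in it are what you quote when documenting that the analyzed image is identical to the original.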
  • 92. Future of honeypot technologies Honeytokens Wireless Honeypots HoneyClients Honeypot Detection Technologies
  • 93. Honeytokens
        The concept of honeytokens is not new; it is as old as security itself. For example, map-making companies often insert bogus cities or roads into their maps to determine whether competitors are selling copied versions of their maps.
        Generally a honeytoken could be a bogus record in a database which is not needed by any application. If someone tries to access it, an alarm can be raised (a honeypot inside an application).
        Examples:
          A patient record "John F. Kennedy" in a hospital's patient database. There is no such patient in the hospital.
          Bogus SSN and credit card numbers.
        The monitoring can be done in the database or on the wire (e.g. with Snort) looking for the signature "John F. Kennedy".
  • 94. Wireless Honeypots
        Usage of honeypot technology to detect intruders of wireless networks. Unlike Internet-based honeypots, anyone detected on a wireless network will be located within a few blocks of the trap, perhaps parked in a car or sitting on a bus bench. Therefore you may plan to deploy video cameras on the street, or to physically confront hackers.
        Other wireless technologies, like Bluetooth, could also be considered.
  • 95. Honeyclients
        Client honeypots are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred. Often the focus of client honeypots is on web browsers, but any client that interacts with servers can be part of a client honeypot.
        Examples: Capture-HPC, HoneyC, SpyBye.
  • 96. Honeypot Detection Technologies
        Finding honeypots is a difficult process. As discussed before, attackers look for differences between a real system and a honeypot's representation of a system. Examples of techniques under development:
        Connection limiting
          The honeypot counts the outbound connections within a period of time. Once the threshold is reached, new outbound connections are denied.
          One of the easiest characteristics to detect: simply open up 10-20 websites and see if the connection is blocked.
        Outbound packet alteration
          Modifies packets that are believed to be of an exploitive nature. The honeypot computes a hash of portions of the packet and returns a response based on the hash.
          The attacker expects to receive a known response but instead receives a modified response from the honeypot.
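The database-side monitoring described on the honeytoken slide can be demonstrated with a few lines of Python. This is an added example, not from the deck: it seeds a small SQLite patient table with constructed sample rows plus the "John F. Kennedy" honeytoken record (the SSN on it is a constructed bogus value), and routes every read through a wrapper that raises an alert whenever a result set contains the token. The wrapper catches both targeted lookups and full table dumps, which is why the check sits on the results rather than on the SQL text; the on-the-wire variant from the slide would be a Snort rule matching the same string, which is not shown here.

```python
"""Added example (not from the deck): a honeytoken record with application-side monitoring."""
import sqlite3

# The bogus record the slide describes. There is no such patient; the SSN is a constructed placeholder.
HONEYTOKEN = {"name": "John F. Kennedy", "ssn": "000-00-0000"}


class HoneytokenMonitor:
    """Collects an alert for every result set that contains the honeytoken."""

    def __init__(self, token_name):
        self.token_name = token_name
        self.alerts = []  # list of (sql, params, number of matching rows)

    def check(self, sql, params, rows):
        hits = [row for row in rows if any(value == self.token_name for value in row)]
        if hits:
            self.alerts.append((sql, tuple(params), len(hits)))
        return bool(hits)


def build_patient_db():
    """In-memory table with constructed sample patients plus the honeytoken row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients(id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    sample_rows = [("Alice Example", "111-11-1111"), ("Bob Sample", "222-22-2222")]  # constructed
    conn.executemany(
        "INSERT INTO patients(name, ssn) VALUES (?, ?)",
        sample_rows + [(HONEYTOKEN["name"], HONEYTOKEN["ssn"])],
    )
    conn.commit()
    return conn


def query(conn, monitor, sql, params=()):
    """The only read path the application exposes; every result set passes through the monitor.

    Legitimate code never asks for the honeytoken, so any hit means someone is reading
    records they should not be reading (a stolen credential, SQL injection, an insider, ...).
    """
    rows = conn.execute(sql, params).fetchall()
    monitor.check(sql, params, rows)
    return rows


if __name__ == "__main__":
    db = build_patient_db()
    mon = HoneytokenMonitor(HONEYTOKEN["name"])
    query(db, mon, "SELECT id, name, ssn FROM patients WHERE name = ?", ("Alice Example",))
    query(db, mon, "SELECT id, name, ssn FROM patients")  # a full dump also returns the token row
    for sql, params, n in mon.alerts:
        print(f"ALERT: honeytoken returned {n} time(s) by {sql!r} params={params}")
```

In a real deployment the alert handler would forward to the same place the honeypot logs go (syslog, the IDS console) rather than keep a list in memory; the point of the example is that the detection needs no signature of the attack itself, only of the record that nothing legitimate ever touches.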
  • 98. Summary
        Honeypots are not yet widespread. A reason might be the lack of know-how in most organizations to set up and maintain such complex systems. It seems difficult for IT coordinators to justify additional security investments. In contrast to packet filters or anti-virus software, which have propagated into almost every organization's network, honeypots still remain in universities or other research environments.
        Honeypot technology is still in its infancy. Most of the tools that exist at the moment are complicated to deploy and to maintain.
        Analyzing compromised honeypots helps you gain a certain understanding of the tools, methodologies and avenues used by attackers in the wild (which may improve your own hacking skills as well as your defense strategies!).
  • 101. Thanks for your (long) patience and attention! I would now like to answer your questions.

Editor's Notes

  • #48: How can honeypots be classified? Honeypots are classified by the level of interaction they provide to the attacker. There are two types of honeypots: low-interaction and high-interaction. In a low-interaction honeypot only some parts of (vulnerable) applications or operating systems are emulated by software. Internet worms, like Slammer, and port scans can often be identified by low-interaction honeypots. But in a high-interaction honeypot a full working operating system interacts with the attacker. The administrators install the OS as they normally would, but then leave it in an unpatched state with popular hacker holes left open. For instance, installing Windows NT Server 4.0 but leaving it at Service Pack 2 and with IIS 4.0, or a Windows 98 machine with an unprotected shared NetBIOS folder.