View The Document

Accession Number:

AD1046884

Title:

Deception Using an SSH Honeypot

Personal Author(s):

McCaughey,Ryan J.

Corporate Author:

Naval Postgraduate School Monterey United States

Report Date:

2017-09-01

Abstract:

The number of devices vulnerable to unauthorized cyber access has been increasing at an alarming rate. A honeypot can deceive attackers trying to gain unauthorized access to a system studying their interactions with vulnerable networks helps better understand their tactics. We connected an SSH honeypot responding to secure-shell commands to the Naval Postgraduate School network, bypassing the firewall. During four phases of testing, we altered the login credential database and observed the effects on attackers using the honeypot. We used different deception techniques during each phase to encourage more interaction with the honeypot. Results showed that different attackers performed different activities on the honeypot. These activities differed in total login attempts, file downloads, and commands used to interact with the honeypot. Attackers also performed TCPIP requests from our honeypot to direct traffic to other locations. The results from this experiment confirm that testing newer and updated tools, such as honeypots, can be extremely beneficial to the security community by helping to prevent attackers from quickly identifying a network environment.

Descriptive Note:

Technical Report

Pages:

0083

Descriptors:

COMPUTER SECURITY TECHNIQUES

CYBERATTACKS

computer networks

deception

NETWORK SECURITY TECHNIQUES

Identifiers:

honeypot

ssh(secure shell)

ttp(tactics techniques and procedures)

Subject Categories:

Computer Systems Management and Standards

Communities Of Interest:

Cyber

Modernization Areas:

Cyber

Distribution Statement:

Approved For Public Release;

File Size:

2.68MB

View The Document