NoSEBrEaK - Attacking Honeynets

Maximillian Dornseif; Thorsten Holz; Christian N. Klein

arXiv:cs/0406052·cs.CR·November 15, 2016

NoSEBrEaK - Attacking Honeynets

Maximillian Dornseif, Thorsten Holz, Christian N. Klein

PDF

TL;DR

This paper reveals a method by which attackers can fully control a host within a honeynet without triggering significant detection or logging, challenging the assumption that honeynets are inherently hard to compromise.

Contribution

It introduces a novel attack technique that allows complete control over honeynet hosts without detection, highlighting vulnerabilities in honeynet security assumptions.

Findings

01

Attack can fully control honeynet hosts

02

Honeynets can be compromised without detection

03

Challenges existing security assumptions

Abstract

It is usually assumed that Honeynets are hard to detect and that attempts to detect or disable them can be unconditionally monitored. We scrutinize this assumption and demonstrate a method how a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.