Honeynet logs 41pc increase in attacks


11 Dec 2002


The Irish Honeynet project, which consists of a group of computers designed from the start to be compromised and hacked, has revealed that malicious hackers aggressively scan Irish systems for vulnerabilities and holes more than a dozen times every day.

Espion, Deloitte & Touche and Data Electronics have been maintaining and monitoring the Honeynet for six months and a massive 614 attacks were recorded during October of this year – a 41pc increase over the period in question.

The project (www.honeynet.ie) is a research initiative sponsored by the above firms and hosted by Data Electronics.

The Honeynet works by placing an off-the-shelf server (deliberately without any particular security patches or other modifications) out on the internet, with monitoring tools set up to record the activities of the hacking community in action.

Since April this year, the number of attacks has increased month on month, leaving project members with volumes of data from which lessons can be learned and passed on. The Honeynet has captured and analysed the hackers’ virus activity. They have even recorded hackers’ online conversations revealing how they operate.

In October, the heart of the internet sustained its largest and most sophisticated attack ever. Nine out of 13 backbone root servers were simultaneously attacked in what has been described as ‘the most sophisticated and large-scale assault against these crucial computers in the history of the internet.’

An Irish internet service provider (ISP) recently became the victim of serious problems with spam mail. Delivery of email to subscribers was delayed for a period as a result.

Colman Morrissey, managing director of Espion, said: “While we can’t be certain as to why attacks almost doubled in the first six months of operation, it can safely be argued that the longer a system is online, the higher the likelihood of attacks. Systems will be constantly and aggressively probed and if they are running outdated, un-patched or vulnerable software, they will eventually fall victim to attack.”

Gerry Fitzpatrick, partner in charge of Enterprise risk services at Deloitte & Touche, said: “We are working to decipher all the data we have, so that we can determine why this increase has happened in the past six months. If attacks continue at this rate, we could be dealing with over 1,200 attacks per month in a year’s time.”

By Suzanne Byrne