Georgia Tech Honeynet Research Project

Quarterly Reports                                                              

Initial Observations

Who We Are

In cooperation with the Honeynet Research Alliance, students, faculty and network administrators of the Georgia Institute of Technology are involved in a research project aimed at improving the security of the Georgia Tech campus network in addition to improving overall Internet security. We have established a network of honeypots (counterfeit hosts), known as a honeynet, within the Georgia Tech IP (Internet Protocol) address range. This honeynet is accessible from both the Internet and within the campus network and is subject to frequent intrusions and attacks. The Honeynet has been established with monitoring capabilities to observe and record this intrusion and attack activity. The main objective of the Georgia Tech Honeynet is to increase the overall security of the Georgia Tech campus network by observing the actions of would-be attackers of Georgia Tech systems. For more information on honeypots and honeynets, see the Honeynet Project "Know Your Enemy" series of papers. For a specific description of the employment of the Honeynet on the Georgia Tech campus network, see the paper titled "The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks", presented at the Fourth IEEE SMC Information Assurance Workshop at West Point, NY in June 2003.

 

Participants in our project include:

- Julian Grizzard
- Henry Owen
- Herbert Baines
- Brian Culver, CISSP
- Didier Contis
- Mike Dorsey, Jr.
- Dave Maynor

 

About Our Honeynet

We currently employ a mixture of Linux and Microsoft systems on our Honeynet. These are actual live systems and not emulated software systems. This is in keeping with the requirement to present a Honeynet that represents live production systems on the Georgia Tech campus network. A particular operating system that concerns the network system administrators will be set up on the Honeynet when necessary. These steps are taken to increase the security of the Georgia Tech network. The following figure is representative of the current configuration of the Georgia Tech Honey

 

Figure 1 - Georgia Tech Honeynet

 

Contact Information

 

For further information concerning the Georgia Tech Honeynet Research Project, contact grizzard"AT"ece.gatech.edu

 

PGP Public Key

A public PGP key is available for the Georgia Tech Honeynet project at
ldap://certserver.pgp.com under Georgia Tech Honeynet.