|International Journal of Advance Computational Engineering and Networking (IJACEN)-IJACEN
|Volume-2,Issue-10 ( Oct, 2014 )
|Pythonhoneymonkey: Detecting Malicious Internet Websites On Client Side Honeypots
|Rohit Shukla, M. Singh
|Associate Professor Computer Science & Engineering Dept. Thapar University, Patiala, Punjab, India
|With increasing awareness of security programming, the number of software vulnerabilities deployed on a machine have subsequently decreased. These exploitation activity also required efforts of attackers in deploying, exploiting the service. Firewalls, access control lists (ACL’s), intrusion detection/prevention systems deployed block inbound connections most of the times. Whereas outbound connections are allowed since they have the permission of user accessing the traffic. A vulnerable application requesting traffic from an externally hoisted server is exploited and user accessing the application transfers shell to the server listening remotely. To eradicate this kind of attack technique, this paper focuses on creating a high interaction honeypot system controlled by a python script. The client honeypot is governed by master running python script using SSH traffic. Clients collect the urls by specifically crafted web-links crawler. These web links are visited by the application specified. Then clients report all the suspicious activities performed in the form of logs and alerts created by snort IDS while running the web pages on client side browsers. This url is further then stored into a blacklist which can restrict browser from visiting this link in future. We introduce the design and implementation of this system in this paper.