Fellow WASC Officer Ryan Barnett has started the next phase of the Distributed Open Proxy Honeypot Project where people deploy open relay proxies and send the results to a central host for analysis. I met up with Ryan at blackhat where he showed me the central console displaying metrics for each proxy node (shown below).
In almost no time 170000 alerts triggered, certainly will be interesting to see what attackers use these for over the period of a few months.
Internetnews has published an article discussing this project and its goals.
"The idea behind the IT security concept known as the honeypot is all about luring hackers into a server or network so they can be tracked. The Web Application Security Consortium (WASC) has its own particular brand of honey to attract would-be attackers -- a blend of open source and open proxies.
The WASC is now entering Phase Three of its Distributed Open Proxy Honeypot Project, including more participants, sensors and analytical reporting as the project moves into wide deployment. The aim remains the same, however: providing security researchers and law enforcement with a new resource in the battle against Web attacks.
"Ultimately what we're trying to identify is Web-based attacks -- how are they are actually happening -- because it's very hard to get real details," WASC Honeypot Project Leader Ryan Barnett told InternetNews.com." - InternetNews
Read more: http://www.internetnews.com/security/article.php/3832131/WASC+Honeypot+Opens+Up+With+Open+Source.htm
Distributed Open Proxy Honeypot Project Homepage: http://projects.webappsec.org/Distributed-Open-Proxy-Honeypots
WASC Honeypots on Twitter: http://twitter.com/waschoneypots