
WASC Announcement: Distributed Open Proxy Honeypot Project Data Released

The Web Application Security Consortium (WASC) is pleased to announce the initial release of data collected by the Distributed Open Proxy Honeypot Project. This first release of information is for data gathered from January – April, 2007. During this timeframe, we had 7 internationally placed honeypot sensors deployed and sending their data back to our central logging host.

What did we see? Here are some brief highlights –

– SQL Injection Attacks
– Brute Force Attacks
– OS Command Injection
– Web Defacement Attempts
– Google-Abuses (Google-Hacking and Proxying for BannerAd/Click Fraud)
– Information Leakage

We have created a PDF document here – http://www.webappsec.org/projects/honeypots/Threat_Report_05072007.pdf. The attacks are mapped to the WASC Threat Classification categories. There are some high-level statistics shown; however, they are very crude as this was not the focus of this phase of the project. We understand that the data presented is a bit raw; however, we wanted to release this information so that the public may have a chance to review it and provide feedback. Our initial goal was to identify the types of current attacks that are using open proxy servers. In our future deployments, we will attempt to refine the data analysis processes to extract out trend data and high-level concepts. In the near future, we will be updating the VMware honeypot sensors themselves and will also use a newer version of the centralized logging host (ModSecurity Console).

We are also planning to release more frequent information in the form of diary entries on the project webpage as new attacks/trends are identified.

While the initial deployment was a success, we still need participants who are willing to participate by deploying our VMware honeypot sensor on their network. If you are interested in participating, please send an email to Ryan Barnett at – RCBarnett_@xxxxxxxxxxx

URL: http://www.webappsec.org/projects/honeypots/