Fellow WASC Officer Ryan Barnett has started the next phase of the Distributed Open Proxy Honeypot Project, where people deploy open relay proxies and send the results to a central host for analysis. I met up with Ryan at Black Hat, where he showed me the central console displaying metrics for each proxy node (shown below).
In almost no time, 170000 alerts triggered; it will certainly be interesting to see what attackers use these for over the period of a few months.
Internetnews has published an article discussing this project and its goals.
"The idea behind the IT security concept known as the honeypot is all
about luring hackers into a server or network so they can be tracked.
The Web Application Security Consortium (WASC) has its own particular
brand of honey to attract would-be attackers — a blend of open source
and open proxies.
The WASC is now entering Phase Three of its Distributed Open
Proxy Honeypot Project, including more participants, sensors and
analytical reporting as the project moves into wide deployment. The aim
remains the same, however: providing security researchers and law
enforcement with a new resource in the battle against Web attacks.
"Ultimately what we're trying to identify is Web-based attacks
— how they are actually happening — because it's very hard to get
real details," WASC Honeypot Project Leader Ryan Barnett told InternetNews.com." – InternetNews
Read more: http://www.internetnews.com/security/article.php/3832131/WASC+Honeypot+Opens+Up+With+Open+Source.htm
Distributed Open Proxy Honeypot Project Homepage: http://projects.webappsec.org/Distributed-Open-Proxy-Honeypots
WASC Honeypots on Twitter: http://twitter.com/waschoneypots