Monitoring Indonesia Darknets – Revealing the Unseen Security Intrusion
CodeBali International Cyber Security Conference
Bali, 22 September 2015
Charles Lim
Speakers
• Charles Lim, MSc., ECSA, ECSP, ECIH, CEH, CEI
• More than 20 years in the IT services industry
• IP networking, Software Automation
• Led Indonesia Chapter (2012)
• Lecturer and Researcher at Swiss German University (Information Security Group) – http://people.sgu.ac.id/charleslim
Agenda
• Introduction to Honeynet
• Introduction to Honeynet - Indonesia Chapter
• What are darknets?
• Honeypots
• Attack Statistics
• The New Dashboard
• Conclusion
Introduction to The Honeynet Project
• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
• Mission: "learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" - http://www.honeynet.org
Brief Introduction to The Honeynet Project
Honeynet Workshop 2015 @ Stavanger
Indonesia Chapter
• 25 November 2011: about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)
• 19 January 2012: accepted as part of Honeynet Chapter
• Members: 109 (today)
Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
Indonesia Honeynet Project
Seminar & Workshop
Honeynet Workshop 10-11 June 2015, Lampung
How did we start?
• Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
  • 2 students focusing on Malware Threats
  • 2 students focusing on Cyber Terrorism
• 1 SGU student focused on capturing malware using Honeypots (Nepenthes)
• We also invited Malware Expert, Pak Aat, to share his experience
Honeypot Deployment History
• 2009 – Learning Period
  – Honeypot: Nepenthes
  – Learning how to install and configure
  – # Honeypots deployed: None
  – Hardware: Client
• 2011 – Early Period
  – Honeypot: Nepenthes, Dionaea
  – Deployed 1st Honeypot in SGU
  – # Honeypots deployed: 1
  – Hardware: Simple Client and Server
• 2013 – Growing Period
  – Honeypot: Dionaea
  – More Honeypots deployed
  – # Honeypots deployed: 5
  – Hardware: Mini PC and Server
• 2015 – Expanding Period
  – Honeypot: Dionaea, Kippo, Glastopf, Honeytrap
  – Coverage: Java, Bali, Sumatera,
  – # Honeypots deployed: 13
  – Hardware: Raspberry Pi and Dedicated servers
List of contributors
• Amien H.R.
• Randy Anthony
• Michael
• Stewart
• Glenn
• Mario Marcello
• Joshua Tommy
• Andrew Japar
• Christiandi
• Kevin Kurniawan
What are Darknets?
"Darknet – portion of routed, allocated IP space in which no active servers reside." — Team CYMRU
• Livenet: live IP addresses (used)
• Darknet: unused IPs
Darknets and Honeypots
Goal
• To understand cyber activities in our institutions in Indonesia (Government, Education and Industry)
How
• Honeypot servers are placed on unused IP addresses across the above organizations
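The livenet/darknet split described above, as an added example that is not part of the original slides: once the live addresses in an allocation are known, any flow to the remaining addresses is unsolicited, so it can be tallied per port and per source. The prefix, live hosts, flow tuples and the `scan_threshold` parameter are constructed assumptions (documentation address ranges).

```python
import ipaddress
from collections import Counter

# Constructed sample data (RFC 5737 documentation ranges), not from the slides.
ALLOCATED = ipaddress.ip_network("192.0.2.0/28")
LIVE_HOSTS = {ipaddress.ip_address(a)
              for a in ("192.0.2.1", "192.0.2.2", "192.0.2.5")}

# (source, destination, destination port) as a sensor or flow exporter might report.
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.9", 445),
    ("198.51.100.7", "192.0.2.10", 445),
    ("198.51.100.7", "192.0.2.11", 445),
    ("203.0.113.20", "192.0.2.2", 443),    # live server: ordinary traffic
    ("203.0.113.44", "192.0.2.12", 22),
    ("203.0.113.44", "192.0.2.300", 22),   # malformed record
    ("203.0.113.9", "198.51.100.1", 80),   # outside the allocation
]


def classify(dst, allocated, live):
    """Return 'live', 'dark', 'external' or 'invalid' for a destination."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "invalid"
    if addr not in allocated:
        return "external"
    return "live" if addr in live else "dark"


def dark_address_count(allocated, live):
    """Number of addresses in the allocation with no active server."""
    return allocated.num_addresses - sum(1 for h in live if h in allocated)


def summarize(flows, allocated, live, scan_threshold=3):
    """Tally darknet hits per port and list sources probing many dark IPs."""
    ports = Counter()
    targets = {}           # source -> set of distinct dark destinations
    skipped = Counter()    # why non-dark records were ignored
    for src, dst, port in flows:
        kind = classify(dst, allocated, live)
        if kind != "dark":
            skipped[kind] += 1
            continue
        ports[port] += 1
        targets.setdefault(src, set()).add(dst)
    scanners = sorted(s for s, d in targets.items() if len(d) >= scan_threshold)
    return {"ports": ports, "scanners": scanners, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_FLOWS, ALLOCATED, LIVE_HOSTS)
    print("dark addresses:", dark_address_count(ALLOCATED, LIVE_HOSTS))
    print("ports attacked:", report["ports"].most_common())
    print("likely scanners:", report["scanners"])
    print("ignored records:", dict(report["skipped"]))
```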
Honeypots
Currently deployed
• Dionaea
• Kippo
• Glastopf
• Honeytrap
Future
• SPAMpots
Previous Works
• Nano PC with Atom processors
• Pull Protocol
Today
• Raspberry Pi
• ARM processor
• RAM 512 MB, 8 GB SD Card
• Push Protocol
Near Future
• 1U Rack Case
• 5 Raspberry Pi
• 5 different honeypots: dionaea, glastopf, kippo, etc.
Monitoring Results (figures not included in the text)
Monitoring Results (Ports Attacked) (figures not included in the text)
Monitoring Results (Malware) (figures not included in the text)
New Dashboard
Further Information
• The Honeynet Project (http://www.honeynet.org)
• Indonesia Honeynet Project (http://www.honeynet.or.id)
• Swiss German University (http://www.sgu.ac.id)
• My Blog (http://people.sgu.ac.id/charleslim)
Questions ???
