Sumit Sharma is the co-founder of the ethical hacking forum Hackers Garage. Sumit recently gave a talk at NullCon Goa entitled "Capturing Zero-Day Information", on leveraging honeypots.

So Sumit, how long have you been working on this stuff?

I have been in IT security for the past 5+ years, with 4 years of penetration testing experience.

You also happen to be a member of the Indian Honeynet Project. Tell us about it.

The Indian Honeynet Project (IHN) is aimed at researching worms and botnets. Aside from that, in the past few years we have been successful in setting up lots of web honeypots. We have proposed projects in Mumbai, Pune, Delhi, Raipur and Bangalore in India.

"Capturing Zero-Day Information!" Tell us, how do you do that?

We have been doing research on designing a high-interaction web spider, which would help us identify unknown threats on the internet. Our research project has been successfully tested with the least number of false positives. Apart from capturing unknown threats, we have been tracking spam, web shells, etc. On a daily basis, we:
- Collect new samples (binaries) for analysis.
- Collect new web backdoor shells for analysis.
- Collect information on which web attacks are trending.
- Collect a list of spamming IP addresses.
- Track and trace spamming campaigns.
- Collect new malicious URLs involved in phishing attacks.
- Track and trace botnets.
Can you provide us some of the spam statistics?
How can the captured information be made useful?

Apart from statistics, we can use the information for IDS rules, firewall filters and anti-virus signatures. One can also collaborate with ISPs for IP blacklisting. Most importantly, this information is very useful for sinkholing.

Can you please provide us some of the honeynet statistics?
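As an added illustration of the answer above (this is example code written for this page, not the Indian Honeynet Project's tooling or anything Sumit described), the script below turns a constructed set of honeypot observations into the three artefacts he mentions: an ipset/iptables firewall filter for spamming IPs, Snort 2 style IDS rules for phishing URLs, and an Unbound sinkhole configuration for phishing and botnet C2 hostnames. The observation records, the `.test` hostnames, the RFC 5737 addresses and the sinkhole address `192.0.2.1` are all assumptions made up for the example; the `ipset`, `iptables`, Snort and Unbound syntax used is real.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample observations (not real honeypot data). Each record is
# (category, value), roughly what a web honeypot or spam trap would log.
OBSERVATIONS = [
    ("spam_ip", "203.0.113.45"),
    ("spam_ip", "203.0.113.45"),      # duplicate: must be collapsed
    ("spam_ip", "198.51.100.7"),
    ("spam_ip", "10.0.0.5"),          # RFC 1918 address: never push to a global blocklist
    ("spam_ip", "not-an-ip"),         # malformed log line: skipped, not fatal
    ("phish_url", "http://login-example.test/secure/update.php"),
    ("phish_url", "https://bank-verify.test:8443/index.html"),
    ("c2_domain", "cnc.botnet-sample.test"),
]

# Ranges that must never reach a firewall blocklist even if a honeypot logs them
# (internal scanners, loopback, link-local). ipaddress.is_global is deliberately not
# used: it also rejects the RFC 5737 documentation ranges that the sample data uses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def unique_public_ips(observations):
    """De-duplicated attacker addresses, malformed and local ones dropped."""
    ips = set()
    for cat, value in observations:
        if cat != "spam_ip":
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # garbage in the log must not break the whole feed
        if not any(ip in net for net in LOCAL_NETS):
            ips.add(ip)
    return sorted(ips, key=lambda a: (a.version, int(a)))


def ipset_blocklist(ips, setname="honeynet_spam"):
    """ipset/iptables commands dropping inbound traffic from the collected IPv4 addresses."""
    lines = [f"ipset create {setname} hash:ip -exist"]
    lines += [f"ipset add {setname} {ip} -exist" for ip in ips if ip.version == 4]
    lines.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    return lines


def _snort_escape(s):
    # ';', '"' and '\' are special inside a Snort content: match.
    return re.sub(r'([;"\\])', r"\\\1", s)


def snort_rules(observations, start_sid=9000001):
    """Snort 2 style rules alerting on clients fetching a known phishing URL."""
    rules, sid = [], start_sid
    for cat, value in observations:
        if cat != "phish_url":
            continue
        parts = urlsplit(value)
        if not parts.hostname:
            continue
        host, path = _snort_escape(parts.hostname), _snort_escape(parts.path or "/")
        rules.append(
            f'alert tcp $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"HONEYNET phishing URL {host}"; flow:to_server,established; '
            f'content:"{host}"; http_header; content:"{path}"; http_uri; '
            f'sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


def sinkhole_hosts(observations):
    """Hostnames (phishing sites and C2 domains) to be answered by the sinkhole."""
    hosts = set()
    for cat, value in observations:
        host = value if cat == "c2_domain" else (
            urlsplit(value).hostname if cat == "phish_url" else None)
        if host and HOSTNAME_RE.fullmatch(host):  # reject anything that could inject config
            hosts.add(host.lower())
    return sorted(hosts)


def unbound_sinkhole(hosts, sink_ip="192.0.2.1"):
    """Unbound local-zone/local-data lines redirecting each host to the sinkhole (assumed address)."""
    lines = []
    for h in hosts:
        lines.append(f'local-zone: "{h}" redirect')
        lines.append(f'local-data: "{h} A {sink_ip}"')
    return lines


if __name__ == "__main__":
    for line in ipset_blocklist(unique_public_ips(OBSERVATIONS)):
        print(line)
    print(*snort_rules(OBSERVATIONS), sep="\n")
    print(*unbound_sinkhole(sinkhole_hosts(OBSERVATIONS)), sep="\n")
```

The two filters that matter operationally are the ones that drop data: unparseable lines are skipped rather than aborting the feed, and internal addresses are excluded so that a misconfigured scanner inside your own network never ends up in a blocklist you hand to an ISP. The sinkhole output requires that the Unbound instance be the resolver clients actually use; the rules and ipset output need a `rev:` bump and a reload, respectively, each time the feed is regenerated.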