Counting Outdated Honeypots: Legal and Useful

2019 IEEE Security and Privacy Workshops (SPW) Pub Date : 2019-05-19 DOI:10.1109/SPW.2019.00049

Alexander Vetterl, R. Clayton, I. Walden

{"title":"Counting Outdated Honeypots: Legal and Useful","authors":"Alexander Vetterl, R. Clayton, I. Walden","doi":"10.1109/SPW.2019.00049","DOIUrl":null,"url":null,"abstract":"Honeypots are intended to be covert and so little is known about how many are deployed or who is using them. We used protocol deviations at the SSH transport layer to fingerprint Kippo and Cowrie, the two most popular medium interaction SSH honeypots. Several Internet-wide scans over a one year period revealed the presence of thousands of these honeypots. Sending specific commands revealed their patch status and showed that many systems were not up to date: a quarter or more were not fully updated and by the time of our last scan 20% of honeypots were still running Kippo, which had last been updated several years earlier. However, our paper reporting these results was rejected from a major conference on the basis that our interactions with the honeypots were illegal and hence the research was unethical. We later published a much redacted account of our research which described the fingerprinting but omitted the results we had gained from the issuing of commands to check the patch status. In the present work we provide the missing results, but start with an extended ethical justification for our research and a detailed legal analysis to show why we did not infringe cybersecurity laws.","PeriodicalId":125351,"journal":{"name":"2019 IEEE Security and Privacy Workshops (SPW)","volume":"251 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2019.00049","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Honeypots are intended to be covert and so little is known about how many are deployed or who is using them. We used protocol deviations at the SSH transport layer to fingerprint Kippo and Cowrie, the two most popular medium interaction SSH honeypots. Several Internet-wide scans over a one year period revealed the presence of thousands of these honeypots. Sending specific commands revealed their patch status and showed that many systems were not up to date: a quarter or more were not fully updated and by the time of our last scan 20% of honeypots were still running Kippo, which had last been updated several years earlier. However, our paper reporting these results was rejected from a major conference on the basis that our interactions with the honeypots were illegal and hence the research was unethical. We later published a much redacted account of our research which described the fingerprinting but omitted the results we had gained from the issuing of commands to check the patch status. In the present work we provide the missing results, but start with an extended ethical justification for our research and a detailed legal analysis to show why we did not infringe cybersecurity laws.

查看原文本刊更多论文

统计过时的蜜罐:合法和有用的

蜜罐的目的是隐蔽的，所以很少知道有多少蜜罐被部署或谁在使用它们。我们使用SSH传输层的协议偏差来识别Kippo和Cowrie这两种最流行的媒介交互SSH蜜罐。在一年的时间里，对整个互联网进行了几次扫描，发现了数千个这样的蜜罐。发送特定命令会显示它们的补丁状态，并显示许多系统不是最新的:四分之一或更多的系统没有完全更新，到我们上次扫描时，20%的蜜罐仍在运行Kippo，上次更新是在几年前。然而，我们报告这些结果的论文被一个主要会议拒绝，理由是我们与蜜罐的相互作用是非法的，因此这项研究是不道德的。后来，我们发表了一篇经过大量编辑的研究报告，其中描述了指纹识别，但省略了我们从发出命令检查补丁状态中获得的结果。在目前的工作中，我们提供了缺失的结果，但从扩展我们的研究的伦理理由和详细的法律分析开始，以说明为什么我们没有违反网络安全法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量