TCP Attack Analysis on Packets Captured Using Symantec Decoy Server

Abstract

This paper discusses results obtained from Symantec Decoy Server (previously known as Mantrap) with an introduction to honeypots. Lance Spitzner of the Honeynet Project introduced the concept of honeypots. A honeypot is in essence a decoy server, which has no real or strategic value and is only setup to attract crackers towards it. The idea is to trap the crackers and learn cracking techniques from them. Rapid increase in unauthorized intrusions over the Internet provides a great motivation to explore honeypots at a greater depth. We will provide analysis on TCP based denial of service attack carried out on Symantec Decoy Server based honeypot. These results highlight the importance of honeypot as a tool of learning and preventing future intrusions.