Development and implementation of a honeynet on a university-owned subnet

Abstract

Computer security experts often focus on understanding and improving defensive practices, in an attempt to stem the flow of attacks on computer systems. However, a purely defensive approach does not make use of additional information gained by studying attackers and their mindsets as well as the results of attacker methodologies. Honeypot technology utilizes computers whose sole purpose is to be attacked so the tools, techniques, and modus operandi of computer system attackers can be studied. A honeynet is a collection of honeypot systems set up in an isolated network domain to better ensure that all network traffic is generated by attackers. Our project was to implement a honeynet with limited resources in such a way as to not endanger the University of Wisconsin--Eau Claire (UWEC) network. We have now successfully configured a honeynet in the UWEC network environment, and we are collecting data to help in a nationwide project to better understand and respond to computer system attacks.