IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

These papers are a result of the Honeynet Project. You can find the papers online at http://project.honeynet.org.They discuss the tools, tactics, and motives of the blackhat community. Feel free to copy / link / distribute any of the papers. Foreign language speakers, you can find translations online at (Francais, Deutsch, suomi, Slovinsko, Korean, Russian)

  • Know Your Enemy - 21 July, 2000
    • The tools and methodology of the most common black-hat threat on the Internet, the Script Kiddie.  By understanding how they attack and what they are looking for, you can better protect your systems and network.

  • Know Your Enemy: II - 18 June, 2001
    • How to determine what the enemy is doing by analyzing your system log files.  Includes examples based on two commonly used scanning tools, sscan and nmap.

  • Know Your Enemy: III - 27 March, 2000
    • What happens after the script kiddie gains root. Specifically, how they cover their tracks while they monitor your system.  The paper goes through step by step on a system that was compromised, with system logs and keystrokes to verify each step.

  • Know Your Enemy: A Forensics Analysis - 23 May, 2000
    • This paper studies step by step a successful attack of a system. However, instead of focusing on the tools and tactics used, we  focus on our analysis techniques and how we pieced the information together. The purpose is to give you the  skills necessary to analyze and learn on your own the threats your organization faces. MSNBC has released an interactive, online video of the this paper.

  • Know Your Enemy: Motives - 27 June, 2000
    • This paper studies the motives and psychology of the black-hat community, in their own words.

  • Know Your Enemy: Worms at War - 7 November, 2000
    • See how worms probe for and compromise vulnerable Microsoft Windows systems. Based on the first Microsoft honeypot compromised in the Honeynet Project.

  • Know Your Enemy: Passive Fingerprinting - 24 May, 2000
    • This paper details how to passively learn about the enemy, without them knowing about it. Specifically, how to determine the operating system of a remote host using passive sniffer traces only.

  • Know Your Enemy: Honeynets - 20 April, 2001
    • This paper supersedes our previous paper "To Build a Honeypot" which has been withdrawn. This older paper was out of date and discussed outmoded techniques. Our new paper covers what a Honeynet is, its value, how it works, and risks/issues involved.

The Honeynet Project