Contributors
Ryan Barnett*
Jeremiah Grossman
Prince Kohli
Ivan Ristic
Robert Auger
Anton Chuvakin
Sergey Gordeychik
Spiros Antonatos
Bjoern Weiland
Kurt Grutzmacher
Pete LeMay
Rick Nall
*Project Leader
From a counter-intelligence perspective, standard honeypot/honeynet technologies have not borne much fruit in the way of web attack data. Web-based honeypots have not been as successful as OS-level or other honeypot applications (such as SMTP) due to the lack of their perceived value. Deploying an attractive honeypot web site is a complicated, time-consuming task. Other than a script kiddie probing for an easy defacement or an indiscriminate worm, you just won't get much traffic.
So the question is: how can we increase our traffic and, thus, our chances of obtaining valuable web attack reconnaissance?
This project will use one of the web attacker's most trusted tools against him: the open proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy servers (or proxypots), we aim to take a bird's-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.
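The categorization step described above, sketched as an added example; it is not the project's sensor code. The signatures, the local buckets (Tunnel, Unclassified, Unparsed) and the sample request lines are assumptions constructed for illustration, and only the four class names come from the Web Security Threat Classification.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Illustrative signatures keyed by WASC Threat Classification class names.
# The patterns are assumptions for this example, not the sensor's rule set.
RULES = [
    ("SQL Injection", re.compile(r"\bunion\b.{1,40}\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("Cross-site Scripting", re.compile(r"<script\b|javascript:|\bon(?:error|load)\s*=", re.I)),
    ("Path Traversal", re.compile(r"\.\.[/\\]")),
    ("OS Commanding", re.compile(r"[;|`]\s*(?:cat|id|uname|wget)\b", re.I)),
]

def decode(value, rounds=3):
    """Undo nested URL encoding (e.g. %252e) so signatures see the final form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return (upstream_host, sorted class list) for one proxied request line."""
    parts = request_line.split()
    if len(parts) != 3:
        return None, ["Unparsed"]            # local bucket, not a WASC class
    method, target, _version = parts
    if method.upper() == "CONNECT":          # tunnel: payload is opaque to the sensor
        return target.rsplit(":", 1)[0], ["Tunnel"]   # local bucket
    url = urlsplit(target)                   # proxies receive absolute-form URIs
    payload = decode(url.path + "?" + url.query)
    hits = sorted(name for name, rx in RULES if rx.search(payload))
    return url.hostname, hits or ["Unclassified"]

# Constructed sample request lines using reserved example hostnames.
SAMPLE = [
    "GET http://shop.example.com/item.php?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1",
    "GET http://www.example.org/view?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.0",
    "GET http://forum.example.net/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "CONNECT mail.example.com:443 HTTP/1.1",
    "GET http://www.example.com/index.html HTTP/1.1",
]

def summarize(lines):
    """Count requests per class, the kind of tally a central collector would keep."""
    return Counter(cls for line in lines for cls in classify(line)[1])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The second sample line is double-encoded, so it only matches the Path Traversal signature after the repeated decoding in `decode`.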
How to participate
You can participate by deploying the WASC Open Proxy Honeypot sensor on your own network. WASC has created a VMware image of the standard sensor. This image includes all of the software needed to get your sensor up and running quickly, with little configuration on the end user’s part. You must contact the project leader via email in order to participate. You will then receive the link location to download the VMware image.
You will need to have the free version of VMware Server.
To find out more about the project, please see the FAQ.
Threat Reports
The WASC Distributed Open Proxy Honeypot team will be releasing periodic threat reports of significant activity and trends.
Web Security Threat Report, Volume 1: January – April 2007
If you are interested in participating in reviewing the logs collected by the honeypot sensors and creating these threat reports, contact the project lead below.
If you would like to be involved with the project, please contact
Ryan Barnett