Skip to main content
SpringerLink
Log in

A Distributed Honeynet at KFUPM: A Case Study

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6307))

Included in the following conference series:

Abstract

The main objectives of this work is to present our preliminary experience in simulating a virtual distributed honeynet environment at King Fahd University of Petroleum and Minerals (KFUPM) using Honeywall CDROM [1], Snort, Sebek and Tcpreplay [3] tools. In our honeynet design, we utilized the Honeywall CDROM to act as a centralized logging center for our distributed high-interaction honeypots. All honeypot servers, as well as the Honeywall CDROM itself, were built on top of a virtualized VMWare environment, while their logs were forwarded to the centralized server.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. The Honeywall CDROM, https://projects.honeynet.org/honeywall/

  2. Argus: The Network Activity Auditing Tool, http://www.qosient.com/argus

  3. TCPreplay, http://tcpreplay.synfin.net/

  4. WireShark, http://www.wireshark.org/

  5. Le Blond, S., Legout, A., Dabbous, W.: Reducing BitTorrent Traffic at the Internet Scale. A Presentation at the Internet Research Task Force, IRTF (March 2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, King Fahd University of Petroleum and Minerals,  

    Mohammed Sqalli, Raed AlShaikh & Ezzat Ahmed

Authors
  1. Mohammed Sqalli
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raed AlShaikh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ezzat Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA

    Somesh Jha

  2. International Computer Science Institute, 1947 Center Street, Suite 600, 94704, Berkeley, CA, USA

    Robin Sommer  & Christian Kreibich  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sqalli, M., AlShaikh, R., Ahmed, E. (2010). A Distributed Honeynet at KFUPM: A Case Study. In: Jha, S., Sommer, R., Kreibich, C. (eds) Recent Advances in Intrusion Detection. RAID 2010. Lecture Notes in Computer Science, vol 6307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15512-3_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15512-3_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15511-6

  • Online ISBN: 978-3-642-15512-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation