Honeypots Against Worms 101 presented at BlackHatAsia 2003

by Laurent Oudot,

Summary : This talk will explain how to fight Internet worms by using technologies related to honeypots. The first part will focus on essential needed theory concepts about Internet worms, to move on a second part reminding interesting functions about current honeypots (and Honeynets). Then, Laurent will propose ideas and demonstrations about how honeypots can be used to fight off Internet worms or even fight them back! A strong technical case study will be given to show how Honeyd may be used to deal with MSBlast worms (catching the worms, detecting them, slowing them, stopping them, cleaning them, etc).
Laurent Oudot is a French security expert who works for the CEA. He is also a member of a team called "rstack" composed of security addicts and geeks. Oudot's research focus on defensive technologies highly closed to blackhats activities like honeypots, intrusion prevention, intrusion detection, firewalls, sandboxes, MAC, etc.
Laurent is the (co-)author of several research papers recently published and released at rstack.org, MISC magazine and Linux Magazine France. He has presented at national and international conferences and meetings such as annual Honeynet Project meeting (Chicago), Libre Software Meeting (Metz), FOSDEM (Bruxelles), etc.
In his spare time, Laurent co-organized security events such as the Libre Software Meeting (co-chairman of the Security Topic with Bradley Spengler from Grsecurity), Symposium Sécurité des Technologies de l'Information et de la Communication (SISTIC), etc.