Dan "AltF4" Petro
Reconnaissance on a network has been an attacker's game for far too long. Where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature-based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy? This talk will explore how to prevent network reconnaissance by using honeyd to flood your network with low-fidelity honeypots. Dan will then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) Some important additions to honeyd will also be discussed, along with a live demonstration of Nova, a free software tool for doing all of the above.