Malicious entities are constantly trying their luck at exploiting known vulnerabilities in web services, in an attempt to gain access to resources unauthorized access to resources. For this reason security specialists deploy various network defenses with the goal preventing these threats; one such tool used are web based honeypots. Historically a honeypot will be deployed facing the Internet to masquerade as a live system with the intention of attracting attackers away from the valuable data. Researchers adapted these honeypots and turned them into a platform to allow for the studying and understanding of web attacks and threats on the Internet. Having the ability to develop a honeypot to replicate a specific service meant researchers can now study the behavior patterns of threats, thus giving a better understanding of how to defend against them. This paper discusses a high-level design and implementation of Weems, a low-interaction web based modular HTTP honeypot system. It also presents results obtained from various deployments over a period of time and what can be interpreted from these results.
Reference:
Pearson, D., Irwin, B.V.W. and Herbert, A. 2017. Weems: An extensible HTTP honeypot. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3-10 September 2017, Barcelona, Spain
Pearson, D., Irwin, B. V., & Herbert, A. (2017). Weems: An extensible HTTP honeypot. http://hdl.handle.net/10204/9691
Pearson, D, Barry VW Irwin, and A Herbert. "Weems: An extensible HTTP honeypot." (2017): http://hdl.handle.net/10204/9691
Pearson D, Irwin BV, Herbert A, Weems: An extensible HTTP honeypot; 2017. http://hdl.handle.net/10204/9691 .