Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot

Author: Stephen Holcroft Published Jan. 17, 2011 from Holcroft

My previous three honeypots had all been RedHat 6.2 default server installs and had all been hacked using exploits in rpc.statd or wuftpd. RedHat 6.2 seems to be a reasonable representation of the operating systems that exist out on the internet at the moment, although 6.2 is pretty dated there are still a lot of copies floating around as I found out when I asked a colleague for a copy of RedHat. This is going to be my last Redhat 6.2 honeypot after this I will move onto pastures new, perhaps a Windows machine or a later version of Redhat.

Tags:

Read the complete paper at Holcroft