Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
The botnet world is booming
What’s driving this university to IPv6? Going green
Google takes direct aim at Microsoft
Microsoft promises to stymie hackers next week with new patches
Chrome OS spotlights rapidly changing mobile Web environment
IT pros continue to lose jobs
How ending exclusivity agreements would change the telecom industry
How to use electrical outlets and cheap lasers to steal data
EMC distances rival NetApp
Crime lab saves energy costs by turning up heat in the data center
IBM security software masks confidential info
Google Native Client provides hints on Chrome OS gambit
Ericsson signs deal to run Sprint wireless, wireline networks
Verizon helping companies assess application vulnerabilities
Internet's biggest issue? IPv6 transition, new ARIN CEO says

Start-up's 'decoy' server helps track down hackers

Today's breaking news
Send to a friendFeedback

Advertisement:

By Ellen Messmer
Network World, 08/09/99

PALO ALTO - Start-up Recourse Technologies this week will release software, dubbed ManHunt, that can record would-be hackers' activities and trace intruders back across the Internet.

ManHunt serves as a "decoy" server - a convincing mock corporate Web site - that hackers can be led to once they break into a company's network. Once hackers break in, they can rummage around the decoy server and steal data, which, unbeknownst to them, is fake. ManHunt records the hacker's activities, providing the IS department with a detailed record of the event that can be used to track down and prosecute intruders in court.

Break-in leads to brainchild

Recourse is the brainchild of company founders Frank Huerta and Michael Lyle, network engineers forced to cope with an embarrassing hacker break-in while employed with service provider Exodus Communications. After reporting the network break-in to the FBI's computer crimes division, Exodus learned a lot about what law enforcement needs to successfully prosecute an intruder in terms of an event log, proof of stolen files and a network trace.

According to Huerta, now president and CEO of Recourse, simply trying to break into a network by probing isn't considered a crime.

Authorities also have a hard time bringing a case if all they see from an event log is that someone broke in but only looked around because there's no evidence of malicious intent or theft.

After the Exodus break-in, Huerta and Lyle, now Recourse chief technology officer, put together what they called a "spoofbox" at Exodus - with the goal of capturing more useful data for legal purposes. When Exodus-managed firewalls - in this case, those from Check Point, Cisco and Raptor - recorded suspicious activity, the traffic was redirected to the spoofbox.

With this idea, Huerta and Lyle left Exodus to start their own venture capital-backed firm to develop spoofbox into the ManHunt product, which ships Sept. 1 for $3,500.

Their formation of the new company transpired with the blessing of Exodus, which is beta-testing ManHunt in order to offer it as part of a managed security service, similar to the service provider's existing managed firewall service.

The ManHunt software sits on a Unix server on a LAN or Internet access point where a protective firewall would be able to hand off suspicious traffic to the decoy server.

Some limitations

As a first-generation product, ManHunt has some limitations that Huerta readily acknowledges. The software can track hackers back across different carriers' networks, but the process is still overly manual.

An important note: ManHunt only intercepts an attack when the attack is launched against a service or port protected by a firewall.

This means ManHunt will be most useful sitting behind a firewall guarding the door to an intranet. ManHunt won't be as effective shunting would-be hackers off public Web sites.

Next year Recourse plans to release TipOff, host-based software that delivers bad news.

"Hackers typically know how to cover their tracks, they're often very good at it," Huerta says. "But TipOff will tell if you have been hacked."

Recourse: www. recoursetechnolo gies.com


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.