Sensors Collect Information on Internet Attackers

28/11/2019

LACNIC WARP has implemented a tool to collect information on the behavior of Internet attackers within the region. The LACNIC Honeynet Project seeks to determine the most frequent types of security attacks in Latin America and the Caribbean.

Information is collected through eight sensors installed at different Internet organizations in Argentina, Chile, Ecuador, Curaçao, Dominican Republic, Uruguay and Brazil. A LACNIC platform centralizes the data on how attackers act and then analyze their behavior. “It is a way of generating intelligence about how attackers try to breach the organizations’ servers and services in the region,” said Darío Gómez, Security Analyst at LACNIC.

Currently, the information collected is shared with the organizations that have installed these devices.

At this point, the project seeks to expand the number of sensors and add more organizations within the region to collect data and then share the information with them.

Sensor operation is simple: they simulates a real server with a very basic security configuration precisely to be targeted by hackers. This honeypot network allows visualizing security events in real time and understanding the modus-operandi of the most common attacks perpetrated in the region.

“Whatever an attacker generates inside these honeypots becomes the object of study,” Gomez added. The data collected allows the organizations involved in this project to be proactive in the detection and early warning of threats.

Organizations interested in becoming part of the LACNIC Honeynet Project by installing a sensor in their network should contact
info-warp@lacnic.net via e-mail.