Abstract
For several years, various projects have collected traces of malicious activities thanks to honeypots, darknets and other Internet telescopes. In this paper, we use the accumulated four years of data of one such system, the Leurré.com project, to assess quantitatively the influence, in these traces, of a very popular attack tool, the Metasploit Framework. We identify activities clearly related to the aforementioned exploitation tool and show the fraction of attacks this tool accounts for with respect to all other ones. Contrary to our initial thinking, the findings do not seem to support the assumption that such a tool is only used by so-called script kiddies. As described below, this analysis highlights the fact that a limited, yet determined, number of people are trying new exploits almost immediately when they are released. More importantly, such activity does not last for more than one or two days, as if that were all the time required to take advantage of these new exploits in a systematic way. It is worth noting that this observation is made on a worldwide scale and that the origins of the attacks are also very diverse. Intuitively, one would expect to see a kind of Gaussian curve in the representation of the usage of these attacks by script kiddies over time, with a peak after one or two days when word of mouth has spread the rumor about the existence of a new exploit. The striking difference between this idea and the curves we obtain is an element to take into account when thinking about responsible publication of information about new exploits over the Internet.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ramirez-Silva, E., Dacier, M. (2007). Empirical Study of the Impact of Metasploit-Related Attacks in 4 Years of Attack Traces. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_19
DOI: https://doi.org/10.1007/978-3-540-76929-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3
eBook Packages: Computer Science, Computer Science (R0)