The NoAH Blog » ISP http://blogs.fp6-noah.org/noah an ark of honeypot knowledge... Tue, 07 Jul 2009 14:35:20 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 NoAH: a versatile tool for every ISP’s toolbox http://blogs.fp6-noah.org/noah/noah-a-versatile-tool-for-every-isps-toolbox/ http://blogs.fp6-noah.org/noah/noah-a-versatile-tool-for-every-isps-toolbox/#comments Wed, 09 Jul 2008 14:19:13 +0000 FORTHnet http://blogs.fp6-noah.org/noah/noah-a-versatile-tool-for-every-isps-toolbox/ The primary purpose of NoAH system is detection of unauthorized activity on organizational data networks. It does this by monitoring the activity on all the unused IPs in your network. Any attempted connection to an unused IP address is assumed to be unauthorized or malicious activity. In the case where the system IP is in use the system (honey@home) can monitor unused service ports of the system and report activity.

Even though the aim of the project is to help NRENs and ISPs companies, feedback from them is crucial, since the main attacks committed through their networks. Using NoAH system can help detect, monitor and report suspect activities in real-time.

NoAH system main features:

  • Provide source of data for security analysis.
  • Produce attacks signatures for further use (integration with IDS, firewalls and other network protection tools).
  • It has few false positives, low cost and low risk.
  • It does not capture legitimate users traffic (No sensitive data).
  • Help the security teams understand the threats they face and how to defend against them.
  • Raw data available for the administrators.
  • Easy to adapt new honeypots on the company’s network.
  • Open-source software.
  • Contribute to a large network of Honeypots.
]]> http://blogs.fp6-noah.org/noah/noah-a-versatile-tool-for-every-isps-toolbox/feed/ 0