
Dell offers open-source honeypot to trap attackers

If you're trying to lure someone into a trap, what's the only thing you shouldn't be doing? You shouldn't be telling them they're heading into a trap.

That's exactly why the actions of Dell Secureworks duo Joe Stewart and James Bettke are even more badass – they’ve just told everyone they’re trying to lure hackers into a trap.

What they’ve actually done is create a free honeypot filled with fake domain names, logins and passwords, as they try to help network administrators block and catch attackers everywhere.

A honeypot is a mechanism consisting of data that appears to be a legitimate part of the site and to hold valuable information. In reality, it’s isolated and monitored, allowing network administrators to catch and then ultimately block attackers from their network.

Their tool is called DCEPT – short for Domain Controller Enticing Password Tripwire.

"With this information, the attacker gains total control of the network," the pair said in a blog post.

"These types of attacks can potentially terminate a company’s ability to do business. Espionage or advanced-persistent-threat-style attacks have used this technique for years to compromise networks and steal protected data. Even with reliable and recent data backups, the manpower it would take to restore an entire enterprise network is daunting. Due to the increasing prevalence and magnitude of such attacks, administrators should be selective and careful when using domain administrator credentials.”

The DCEPT tool was first launched last week, during the RSA 2016 conference in San Francisco.