By Topic

OpenFire: Using deception to reduce network attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Kevin Borders ; University of Michigan, EECS Department Ann Arbor, 48109, USA ; Laura Falk ; Atul Prakash

Remote network attacks are a serious problem facing network administrators today. OpenFire uses deception to interfere with the reconnaissance phase. Unlike traditional firewalls, instead of blocking unwanted traffic, it accepts all traffic, forwarding unwanted messages to a cluster of decoy machines. To the outside, all ports and all IP addresses appear open in an OpenFire network. OpenFire uses the honeypot concept in its design. However, unlike traditional honeypots, OpenFire attempts to present additional false targets by making it appear to an attacker that all ports, including unused ones, and all unused IP addresses of an organization are open, with the thesis that this will help divert attacks from real services to false services. In our experiments, we defined an attack to be snort’s priority 1 alert. During a 21-day evaluation period, we found that OpenFire reduced the number of attacks on real services by 65% as compared to an unprotected system and by 46% as compared to a Honeypot-protected system. We present OpenFire’s design, its performance, and defenses against some potential attacks.

Published in:

Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on

Date of Conference:

17-21 Sept. 2007