Fake VPN Purposely Tempts Fate

The trap was sweet, tempting, and, if you were a savvy enough hacker, kind of obvious, with an unpatched Unix box and easily crackable passwords just asking for trouble. But the researchers who run the Distributed Honeynets Project were purposely being as promiscuous as possible on their IPSec-based "VPN," and it paid off: They've gotten hacked at least twice now.

"[The] attackers came in... and started the process of 'owning' the machine," says Albert Gonzalez, a member of the Distributed Honeynets Project. Gonzalez and his partner on the project, Will McCammon, plan to go public with their findings on the attacks soon.

The first attack, which occurred in the past few months, was on a Red Hat 6.2 server that McCammon, a medical student, had built on the network of honeypot machines disguised as an enterprise network.

The project strings together distributed honeypots over the VPN to make it look like a large, contiguous network with multiple hosts. The goal is to give the researchers a bird's-eye view of what attackers do once they get past the front door of the fake enterprise network.

