Tomas Sochor
University of Ostrava
Publication
Featured research published by Tomas Sochor.
Computer Networks and Isdn Systems | 2014
Tomas Sochor; Matej Zuzcak
The number of threats from the Internet has been growing in the recent period and every user or administrator should protect against them. For choosing the most suitable protection, detailed information about threats is required. Honeypots and honeynets are effective tools for obtaining details about current and recent threats. The article gives an introduction into honeypots and honeynets and shows some interesting results from the initial 3-month period of the implementation of a small honeynet made of 3 Dionaea and one Kippo low-interaction honeypots. Basic conclusions regarding the amount of currently actively spread malware and their type are formulated.
computer, information, and systems sciences, and engineering | 2010
Tomas Sochor
Greylisting is a method for protection against unsolicited electronic mail messages (SPAM) based on the combination of white lists and temporary deferring of incoming messages from new sources. The idea is quite simple and the method proved to be surprisingly efficient, but there are some issues to be concerned with. One of the most important issues is possible efficiency decay over a long-term period. Therefore, an investigation of the efficiency of the method throughout a longer period was done. Also, various other factors of the greylisting method application were studied and are discussed.
Computer Networks and Isdn Systems | 2015
Tomas Sochor; Matej Zuzcak
New threats from the Internet emerging every day need to be analyzed in order to prepare ways of protection against them. Various honeypots combined into honeynets are the most efficient tool to lure, detect and analyze threats from the Internet. The paper presents recent results in a honeynet made of Dionaea (emulating Windows services), Kippo (emulating Linux services) and Glastopf (emulating website services) honeypots. The most important result consists in the fact that the differentiation among honeypots according to their IP address is relatively rough (usually two categories, i.e. academic and commercial networks, are distinguished, but the type of services in commercial sites is taken into account, too). Comparisons of results to other similar honeynets confirm the validity of the paper's main conclusions.
Computer Networks and Isdn Systems | 2012
Tomas Sochor
Anonymization in the sense of hiding the originator of the web request could sometimes be useful and it can be done using various commercial and public domain tools. The adverse aspect of anonymization is that the anonymized traffic is significantly slower than normal traffic. A study focused on describing the slowdown and quantifying its rate is presented in this article. The best known free anonymization tools were involved in the study, namely TOR, JAP and I2P. A set of files was formed and their download transmission speed was measured with and without the use of anonymization. Also, a set of webpages was formed where both latency and transmission speed were measured. All the measurements were done at the application layer. The final comparison showed that TOR remains the best tool for anonymization despite the fact that JAP excelled in latency. The price paid for anonymization also remains quite high because it was confirmed that at least a 90% transmission speed decrease is inseparable from using free anonymization tools.
Archive | 2015
Pavol Sokol; Matej Zuzcak; Tomas Sochor
Honeypots play an important role in network security, since they obtain information about attackers, their targets, methods, and tools. This paper offers a discussion about the definition of attack. The main matter of discussion is when an activity is considered to be an attack. The paper focuses only on low-level interaction server honeypots and outlines the definition of attack from the perspective of Windows service emulation and Linux SSH services emulation.
international conference on ubiquitous and future networks | 2016
Tomas Sochor; Matej Zuzcak; Petr Bujok
The paper is devoted to an analysis of a one-year-long period of operation of a honeynet composed of 6 Dionaea honeypots emulating Windows services. The analysis focused on the frequency of attacks according to the location of individual honeypots (sensors) as well as to the geographical location of attackers. From the statistical processing of the results, it was demonstrated that the most frequently attacking malware was the well-known Conficker worm. Moreover, attacking OSs were studied with the conclusion that Windows is the most frequent OS. Regarding the geographical location of the attackers, several non-western countries and autonomous systems were indicated as being the most frequent origin of the attacks.
telecommunications forum | 2013
Tomas Sochor; Radim Farana
Despite suggestions that the global ratio of unsolicited e-mail messages (SPAM) has been decreasing recently, the SPAM ratio values measured in individual SMTP servers have not confirmed this trend. Blacklisting can eliminate a part of SPAM even before their delivery. A multilevel anti-SPAM mechanism is described and the behavior and efficiency of blacklisting using DNSBL is analyzed. Drawbacks of DNSBL blacklisting and the potential of their elimination are discussed, too. The efficiency of DNSBL application in a specific mail server and its comparison to the efficiency of other SPAM blocking techniques is also presented.
conference on risks and security of internet and systems | 2009
Tomas Sochor
Greylisting has been a popular method for protection against SPAM messages since 2003. It often complements other methods (usually search-based ones). This article describes results of the analysis of the efficiency of greylisting performed by Postgrey throughout a long period (over 2 years). Also, other aspects of greylisting like the real delay in greylisted message delivery are analyzed and results are presented in the article.
Computer Networks and Isdn Systems | 2017
Matej Zuzcak; Tomas Sochor
New Internet threats emerge on a daily basis and honeypots have become widely used for capturing them in order to investigate their activities. The paper focuses on a detailed analysis of the behavior of various attacks against 7 Linux-based honeypots. The attacks were analyzed according to the threat type, session duration, AS, country and RIR of the attack origin. Clusters of similar objects were formed accordingly and certain typical attack patterns for potential detection automation as well as some aspects of threat dissemination were identified.
Computer Networks and Isdn Systems | 2016
Tomas Sochor; Matej Zuzcak
High-interaction honeypots providing virtually an unlimited set of OS services to attackers are necessary to capture the most sophisticated human-made attacks for further analysis. Unfortunately, this field is not covered by recent publications. The paper analyses existing approaches and available open source solutions that can be used to form high-interaction honeypots first. Then the most prospective approach is chosen and best applicable tools are composed. The setup is tested eventually and its usefulness is proven.