Definitions and Value of Honeypots
Honeypots are an exciting new technology with enormous potential for the security community. The concepts were first introduced by several icons in computer security, specifically Cliff Stoll in the book "The Cuckoo's Egg", and Bill Cheswick's paper "An Evening with Berferd." Since then, honeypots have continued to evolve, developing into the powerful security tools they are today. The purpose of this paper is to explain exactly what honeypots are, their advantages and disadvantages, and their value to security.
Dynamic Honeypots
For the past eight months we have been discussing what honeypots are, their value, their different types, and how they can be used and deployed. Today we will do something a little different. Instead of discussing what honeypots can do and how they work, we will take a look into the crystal ball and see what honeypots should do, how they could work. If I had a dream honeypot, this is what I would like to see in the future: the dynamic honeypot.
Fighting Spammers With Honeypots: Part 1
This paper will evaluate the usefulness of using honeypots to fight spammers. The first part of the article will explain some background information on spam. Then, we will try to understand how honeypots may detect, slow and stop such activities while promoting a clean Internet. Finally we will conclude with some future perspectives.
Fighting Spammers With Honeypots: Part 2
Most of the time, a spammer connecting to the open proxy server will try to send an initial email in order to check how the proxy is working. This moment can be crucial if you want to fool him properly.
Honeypot Farms
For the past six months this series of papers has covered a breadth of honeypot topics. We have covered everything from what honeypots are, their value and different types, to common misconceptions and legal issues. However, one thing we have yet to discuss is deployment. How can you deploy honeypots in your environment? For small organizations, this may be easy -- nothing more than installing a honeypot on a single computer and placing it on your local network. But what about organizations with hundreds of networks and thousands of computers? How can honeypots be easily deployed and managed in such large, distributed environments? One approach is that you don't. Instead, you simply consolidate all of your honeypots in a single honeypot farm, then you let the bad guys come to you.
Honeytokens: The Other Honeypot.
The purpose of this series of honeypot papers is to cover the breadth of honeypot technologies, values and issues. I hope by now readers are beginning to understand that honeypots are an incredibly powerful and flexible technology. They have multiple applications to security, everything from simplified detection to advanced information gathering. Today we extend the capabilities of honeypots even further by discussing honeytokens. Honeytokens are everything a honeypot is, except they are not a computer.
Wireless Honeypot Trickery
This paper will introduce honeypots as a countermeasure for wireless environments (more specifically, WiFi-related technologies). So, let's prepare to feed greedy blackhat people with waves of honey to defeat our happy attackers.
Improving the Effectiveness of Deceptive Honeynets through an Empirical Learning Approach
This research is attempting to provide richer deception through the use of an empirical learning approach to attacks and probes on systems. This research can be regarded as evolutionary: findings of one phase will be the focus and design of the next phase. After testing the systems with attacking tools and improving them based on the results obtained from pre-selected hackers' attacks, systems will be further tested to determine if the level of deception has further improved. Deceptive honeypots coupled with appropriate intrusion detection systems and firewalls may provide a means for providing much-needed forward intelligence about attackers and give defenders an increased reaction and countermeasure time window.
Know Your Enemy: Sebek2
A detailed look into one of the Project's most powerful tools for capturing all of an attacker's activity on a honeypot, even encrypted activity, such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, and how to analyze data recovered by Sebek.
Fun things to do with a Honeypot
Fun things to do with honeypots. Discussed are techniques that can be used to create an environment that keeps a hacker's interest piqued in your honeypot, and how to extract the maximum amount of data from them.
If you go down to the Internet today - Deceptive Honeypots
This is preliminary research into the effectiveness of deceptive defensive measures, in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap. The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.
Honeynet: Recent Attacks Review
This paper is an attempt to informally summarize what was happening to our exposed Linux machine connected to the Internet. The moment is even more appropriate since we are now changing the platform of the victim machine. Our Linux honeypot survived dozens, if not more, system compromises including several massive outbound denial-of-service attacks (all blocked by the firewall!), major system vulnerability scanning and serving as an Internet Relay Chat (IRC) server for Romanian hackers - and other exciting stuff.
Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the Honeynet Project.