16-07-2012, 01:31 PM
Honey pot
What is a Honeypot
A honeypot is a resource which pretends to be a real target. A honeypot is expected to be attacked or compromised. The main goals are to distract an attacker and to gather information about an attack and the attacker.
A honeypot therefore is a system which is acting as a potential target for an attacker.
Concept of Honeypots
A honeypot has no production value; anything going to or from a honeypot is likely a probe, attack or compromise.
All traffic is suspicious because there shouldn’t be any traffic: nobody knows of the system, no productive services are running and the system is not involved in “normal” activities.
TYPES
RESEARCH HONEYPOTS
Detecting new kinds of attacks, retrieving new hacker tools, or gaining better knowledge about the attackers, their background, activities and goals.
Developing new IDS signatures, analyzing new attack tools, or detecting new ways of hidden communication or distributed denial of service (DDoS) tools.
Level of Involvement
Low involvement:
They are listening on a certain port for incoming connections.
All packets are logged & no answer to the request is sent.
Low involvement honeypots have no interaction with the attacker. No traffic is ever leaving the honeypot – It’s a simple logging machine.
Mid involvement:
Mid involvement honeypots also listen on different ports. But in contrast to low involvement honeypots, they send information back to the attacker.
A request is answered and the attacker has the possibility to issue commands.
In most cases, the provided commands are very limited.
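The low involvement behaviour described above (listen on a port, log everything, send no answer) can be sketched as follows. This is an added example, not code from the presentation; the class name, the port 2323, the size cap and the time limit are assumptions chosen for illustration.

```python
import json
import socket
import time

MAX_BYTES = 4096     # assumed cap on payload bytes kept per connection
MAX_SECONDS = 5.0    # assumed hard limit on how long one peer may hold the listener

class LowInvolvementHoneypot:
    """Accepts TCP connections, records what arrives, never sends application data.
    The kernel still completes the TCP handshake; "no answer" is at the service level."""

    def __init__(self, host="127.0.0.1", port=0):
        self.events = []  # in-memory log; forward to a log collector in practice
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]  # real port when port=0 was requested

    def serve(self, max_conns=None):
        """Handle connections one at a time; max_conns=None means run until killed."""
        handled = 0
        while max_conns is None or handled < max_conns:
            conn, peer = self._sock.accept()
            self.events.append(self._record(conn, peer))
            print(json.dumps(self.events[-1]))
            handled += 1
        self._sock.close()

    def _record(self, conn, peer):
        data = b""
        deadline = time.monotonic() + MAX_SECONDS
        try:
            while len(data) < MAX_BYTES:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    break                 # slow-drip client: stop waiting
                conn.settimeout(remaining)
                chunk = conn.recv(MAX_BYTES - len(data))
                if not chunk:
                    break                 # peer closed its side
                data += chunk
        except OSError:                   # timeout or reset: keep what was captured
            pass
        finally:
            conn.close()                  # closed without a single byte written back
        return {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
                "dst_port": self.port, "bytes": len(data), "payload_hex": data.hex()}

if __name__ == "__main__":
    LowInvolvementHoneypot(port=2323).serve()
```

Because the host has no production role, every event this logger emits can be treated as an alert without a baseline to compare against.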