alexander
Posted August 5, 2005

Well, I'm no big expert on honeypots and honeynets, but this is the honeypots part of the discussion in the "What is the difference between honeypot and honeynet" topic.

As I was saying, I'm no big expert. The last time I played with honeypots was when we set up a Windows machine infected with Blaster and used honeypots to show that we could in fact detect an infected Windows machine on our network and then use the opened vulnerability to in fact cure the machine of the worm. The project was called HackBack Honeypots, and we submitted it for the intercollege contest where the winners get to present at this huge conference and the winners of that get a decent sum of money and special recognition (that was this spring), and although we didn't get the spot in the show, we did get to learn a little about honeypots in the process. (P.S. The projects that won were a lot worse than ours, but that's how it plays out most of the time, so...)

A honeypot (http://www.honeypots.net) is basically a decoy machine on your network that is purposefully weakened but heavily logged (down to the last keystroke). It can act as an IDS and can be automated to react to certain threats in whichever way you need it to, and hence prevent intrusions from happening (in other words, it can also be an IPS). Basically, honeypots act as the most vulnerable spot in your net, making it attractive to crackers and, especially, viruses (hence our project...). It's not a real machine, but more of a process on your machine. Although there have been many attempts to get out of a honeypot to the real machine, I'm pretty sure that patches cleaned up most of the security vulnerabilities, but keep in mind that nothing is 100% secure, so.

Honeypots can be a standalone thing, or an entire network, called a honeynet. The reason it is called honey is because a net of vulnerable computers has the same effect on a malicious hacker as honey does on Winnie the Pooh.

You can resort to things like virtual machines, but even though VMs are great, they take way more processing power and space than a honeypot. (Although for Linux I still think that you should use UMLs, I think, anyways.)
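
An added example, not part of alexander's post or the HackBack Honeypots project: because a decoy has no legitimate clients, every source in its connection log is worth a look, and internal sources point at hosts on your own network that may be infected. The log format, the `INTERNAL_NET` range and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the address range of the network the decoy sits on.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample log in a hypothetical "timestamp src_ip dst_port" format.
SAMPLE_LOG = """\
2005-08-05T10:00:01 10.0.3.17 135
2005-08-05T10:00:02 10.0.3.17 135
2005-08-05T10:00:09 10.0.3.17 4444
2005-08-05T10:02:30 203.0.113.9 22
garbage line
2005-08-05T10:05:00 10.0.8.40 445
"""

def parse(log_text):
    """Yield (timestamp, ip, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0], ipaddress.ip_address(parts[1]), int(parts[2])
        except ValueError:
            continue  # bad address or non-numeric port

def summarize(log_text, internal_net=INTERNAL_NET):
    """Group decoy hits by source; internal sources sort first, then by hit count."""
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "first_seen": None})
    for ts, ip, port in parse(log_text):
        entry = hits[ip]
        entry["count"] += 1
        entry["ports"].add(port)
        entry["first_seen"] = entry["first_seen"] or ts
    report = [{"source": str(ip), "internal": ip in internal_net,
               "count": e["count"], "ports": sorted(e["ports"]),
               "first_seen": e["first_seen"]} for ip, e in hits.items()]
    report.sort(key=lambda r: (not r["internal"], -r["count"], r["source"]))
    return report

def internal_suspects(log_text, internal_net=INTERNAL_NET):
    """Return internal hosts that touched the decoy, most active first."""
    return [r["source"] for r in summarize(log_text, internal_net) if r["internal"]]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```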