Honeypots Seminar Report
INTRODUCTION
HONEYPOT BASICS
TYPES OF HONEYPOTS
Low-interaction High-interaction
BackOfficer Friendly
BOF (as it is commonly called) is a very simple but
highly useful honeypot developed by Marcus Ranum and crew
Specter
Specter is a commercial product and another 'low
interaction' production honeypot. It is similar to BOF in that it
emulates services, but it can emulate a far greater range of
services and functionality. In addition, it can emulate not only
services but also a variety of operating systems. Like
BOF, it is easy to implement and low risk. Specter works by
installing on a Windows system. The risk is reduced as there
is no real operating system for the attacker to interact with.
For example, Specter can emulate a web server or telnet
server of any operating system. When an attacker
Homemade Honeypots
Another common honeypot is homemade. These
honeypots tend to be low interaction. Their purpose is usually
to capture specific activity, such as worms or scanning
activity. These can be used as production or research
honeypots, depending on their purpose. Once again, there is
not much for the attacker to interact with, so the risk is
reduced because there is less damage the attacker can do.
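A homemade low-interaction honeypot of the kind described above can be a short script. The Python listener below is an added example, not part of the original report; the banner text, the port number and the event field names are assumptions chosen for illustration.

```python
import json, socket, threading, time
from datetime import datetime, timezone

BANNER = b"220 mail.example.test ESMTP\r\n"  # constructed banner; no real service behind it

def _handle(conn, addr, port, events):
    """Log one connection. Received bytes are stored, never parsed or executed."""
    data = b""
    with conn:
        try:
            conn.settimeout(3.0)
            conn.sendall(BANNER)
            data = conn.recv(1024)      # first bytes only; enough to label a probe
        except OSError:                 # timeout or reset: a bare port scan
            pass
    events.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": addr[0], "src_port": addr[1], "dst_port": port,
        "kind": "payload" if data else "scan",
        "payload_hex": data.hex(),
    })

def start_honeypot(host="127.0.0.1", port=0):
    """Listen in a background thread; return (socket, bound port, event list)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    bound, events = srv.getsockname()[1], []
    def loop():
        while True:
            try:
                conn, addr = srv.accept()
            except OSError:             # listening socket closed: stop
                return
            threading.Thread(target=_handle, daemon=True,
                             args=(conn, addr, bound, events)).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv, bound, events

if __name__ == "__main__":
    _, port, events = start_honeypot(port=2525)  # arbitrary unprivileged port
    seen = 0
    while True:                         # print each new event as a JSON line
        time.sleep(1)
        for e in events[seen:]:
            seen += 1
            print(json.dumps(e))
```

Because nothing legitimate should ever connect to this port, every logged event is worth reviewing; connections that send no data are labelled as scans, and anything else is kept as hex for later analysis.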
Honeyd
Created by Niels Provos, Honeyd is an extremely
powerful, open-source honeypot. Designed to run on Unix
systems, it can emulate over 400 different operating systems
and thousands of different computers, all at the same time.
Honeyd introduces some exciting new features. First, not only
does it emulate operating systems at the application level, like
Specter, but it also emulates operating systems at the IP
stack level. This means that when someone Nmaps the honeypot,
both the service and the IP stack behave as the emulated
operating system. Currently no other honeypot has this
capability (CyberCop Sting did have this capability, but is no
longer available). Second, Honeyd can emulate hundreds if
not thousands of different computers all at the same time.
Mantrap
Produced by Recourse, Mantrap is a commercial
honeypot. Instead of emulating services, Mantrap creates up
to four sub-systems, often called 'jails'. These 'jails' are
logically discrete operating systems separated from a master
operating system (see Diagram.) Security administrators can
Honeynets
Honeynets represent the extreme of research
honeypots. They are high-interaction honeypots from which one can
learn a great deal; however, they also have the highest level of
risk.
Fig: A honeynet
VALUE OF HONEYPOTS
IMPLEMENTATION
Honeypot Location
A honeypot does not need a particular surrounding
environment, as it is a standard server with no special
needs. A honeypot can be placed anywhere a server could be
placed. But certainly, some places are better than others
for certain approaches.
LEGAL ISSUES
FUTURE OF HONEYPOTS
CONCLUSION
REFERENCES
ACKNOWLEDGEMENT
ABSTRACT
CONTENTS
1. INTRODUCTION
2. HONEYPOT BASICS
3. TYPES OF HONEYPOTS
4. VALUE OF HONEYPOT
5. IMPLEMENTATION
7. LEGAL ISSUES
8. FUTURE OF HONEYPOTS
9. CONCLUSION
10. REFERENCES