Is Honeyd Effective or Not?
Author
Abstract
Honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception, such as masking, mimicry, decoying, inventing, repackaging and dazzling, to deceive attackers. This paper describes a framework for improving the effectiveness of honeypots through the effective use of deception. In this research, a legitimate-looking corporate deceptive network is created using Honeyd (a type of honeypot), which is attacked and improved using an empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using Honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network when it was in fact a deceptive network.
Similar resources
Blackhat fingerprinting of the wired and wireless honeynet
TCP/IP fingerprinting is a common technique used to detect unique network stack characteristics of an Operating System (OS). Its usage for network compromise is renowned for performing host discovery and in aiding the blackhat to determine a tailored exploit of detected OSs. The honeyd honeynet is able to countermeasure blackhats utilising TCP/IP fingerprinting via host device emulation on a vi...
Camouflaging Virtual Honeypots
Honeypots are decoys designed to trap attackers. Once deployed, we can use honeypots to log an attacker’s activities, analyze its behavior and design new approaches to defend against it. A virtual honeypot can emulate multiple honeypots on one physical machine, and so provide great flexibility in representing one or more networks of machines. In order to operate effectively, a honeypot needs to...
Honeypot through Web (Honeyd@WEB): The Emerging of Security Application Integration
This paper discusses the development of Honeyd@WEB. Honeyd@WEB is a system that can deploy low-interaction, production, dynamic and manageable virtual honeypots via a web interface. It runs open source programs, such as P0f (a passive fingerprinting tool) and Honeyd (a low-interaction honeypot). Honeyd@WEB can automatically determine how many honeypots to deploy, how to deploy them, and...
Honeyd Detection via Packet Fragmentation
In this paper we describe a serious flaw in a popular honeypot software suite that allows an attacker to easily identify the presence and scope of a deployed honeypot. We describe in detail both the flaw and how it can be used by an attacker. Our technique relies on a set of specially crafted packets which are able to elicit a response from a Honeyd-based honeypot. Simple experiments show that ...
SmartPot - Creating a 1st Generation Smartphone Honeypot
This paper discusses an experimental method for creating a 1st generation smartphone honeypot with the intention of discovering automated worms. A Honeyd low-interaction virtual honeypot is conceived as a possible method of discovering automated smartphone worms by emulating the operating system Windows Mobile 5 and Windows Mobile 6, along with the available TCP/UDP ports of each operating sy...