Honeyd - A OS Fingerprinting Artifice
Author
Abstract
This research looks at how reliably the honeyd honeypot system deceives intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypot's ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd's primary deceptive mechanism is the use of the NMAP fingerprint database to provide bogus OS fingerprints to would-be intruders. In tests conducted by the author on honeyd's ability to provide bogus fingerprints, 78% of 704 signatures were invalidated under heavy probing. However, the tests have left 152 viable signatures for producing hardened honeypot designs.
Similar resources
Blackhat fingerprinting of the wired and wireless honeynet
TCP/IP fingerprinting is a common technique used to detect unique network stack characteristics of an Operating System (OS). Its usage for network compromise is renowned for performing host discovery and in aiding the blackhat to determine a tailored exploit of detected OSs. The honeyd honeynet is able to countermeasure blackhats utilising TCP/IP fingerprinting via host device emulation on a vi...
How to build a faraday cage on the cheap for wireless TCP/IP fingerprinting
The commonly known security weaknesses associated with the 802.11b wireless standard have introduced a variety of security measures to countermeasure attacks. Using a wireless honeypot, a fake wireless network may be configured through emulation of devices and the TCP/IP fingerprinting of OS network stacks. TCP/IP fingerprinting is one of the most popular methods employed to determine the type ...
Honeypot through Web (Honeyd@WEB): The Emerging of Security Application Integration
This paper discusses the development of Honeyd@WEB. Honeyd@WEB is a system that can deploy low-interaction, production, dynamic and manageable virtual honeypots via a web interface. It runs open source programs, such as P0f (a passive fingerprinting tool) and Honeyd (a low-interaction honeypot). Honeyd@WEB can automatically determine how many honeypots to deploy, how to deploy them, and...
Improving honeyd for automatic generation of attack signatures
In this paper, we design and implement a new plugin for Honeyd which generates attack signatures automatically. Current network intrusion detection systems work as misuse detectors, where the packets in the monitored network are compared against a repository of signatures. We instead focus on automatic signature generation from malicious network traffic. Our proposed system inspects honeypot traffi...
A Virtual Honeypot Framework
A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. Deploying a physical honeypot is often time intensive and expensive as different operating syst...