Tradeoffs Between Levels of Interaction

Level of interaction gives us a scale with which to measure and compare honeypots. The more a honeypot can do and the more an attacker can do to a honeypot, the greater the information that can be derived from it. However, by the same token, the more an attacker can do to the honeypot, the more potential damage an attacker can do.

For example, a low-interaction honeypot would be one that is easy to install and simply emulates a few services. Attackers can only scan, and potentially connect to, several ports. In this case, both the information you can obtain and the risk to your system are limited because the attacker’s ability to interact with the honeypot is limited.
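A sketch of such a low-interaction honeypot, added here as an illustration and not taken from the book: it emulates a single service by sending a banner, records what the peer sends, and never parses or acts on it. The banner text, port 2525, and the names `open_listener` and `handle_one` are assumptions made for this example.

```python
import json
import socket
import time

MAX_CAPTURE = 256          # cap on bytes kept per connection
READ_TIMEOUT = 2.0         # seconds to wait for the peer to send something
# Constructed banner for the emulated service; not a real product string.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"


def open_listener(host="127.0.0.1", port=0):
    """Bind the emulated service; port 0 lets the OS choose a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def handle_one(srv, banner=FAKE_BANNER):
    """Accept one connection, send the banner, record what the peer sends.

    The peer's bytes are only logged, never parsed or executed, which is
    what keeps both the information gained and the risk limited.
    """
    conn, (src_ip, src_port) = srv.accept()
    data = b""
    with conn:
        conn.settimeout(READ_TIMEOUT)
        try:
            conn.sendall(banner)
            data = conn.recv(MAX_CAPTURE)
        except OSError:
            pass  # timeout or reset: a scan-style connect with no payload
    return {
        "ts": time.time(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": srv.getsockname()[1],
        "bytes": len(data),
        "payload": data.decode("latin-1"),  # lossless for arbitrary bytes
    }


if __name__ == "__main__":
    listener = open_listener(port=2525)  # unprivileged port, an assumption
    while True:
        print(json.dumps(handle_one(listener)), flush=True)
```

Each connection yields one JSON record (source address, destination port, first bytes sent), which is the full extent of what this level of interaction can tell you.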

Low-interaction honeypots are primarily ...
