The Value of BOF

BOF is a low-interaction, production honeypot. It adds value to an organization primarily by detecting and alerting to attacks. There are seven preconfigured services on which BOF can detect attacks. When a connection is made to any one of these seven services, the attempt is logged, and an alert is generated. BOF has some emulation capability, but it is extremely limited. None of the services emulate a specific application or version, only the functionality of the service. For example, the Web server does emulate a Web server; it captures attempts to get a Web page. However, it does not emulate a specific Web server, such as Apache or IIS. This functionality limits BOF to primarily a detection technology. Also, since additional ...

Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.