Information Gathering

A shared kernel between the Host and cages makes ManTrap powerful for data capture. The Host system can passively capture all the activity of each cage without the attacker’s knowledge. This includes activity such as process events, kernel activity, or data passing through the streams module. Even encryption does not hide the attackers’ activities, all keystrokes and actions are captured. This makes ManTrap extremely powerful.

A second weapon in ManTrap’s information-gathering arsenal is network captures. As we discussed earlier, ManTrap detects attacks not only against ports it is listening on but against every possible port.

ManTrap logs all the system and network-captured activity to a specific file for each cage. This ...

Get Honeypots: Tracking Hackers now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.