Virtual Honeypots: From Botnet Tracking to Intrusion Detection

Chapter 2. High-Interaction Honeypots

2.1 Advantages and Disadvantages

2.2 VMware

2.3 User-Mode Linux

2.4 Argos

2.5 Safeguarding Your Honeypots

2.6 Summary

High-interaction honeypots offer the adversary a full system to interact with. This means that the honeypot does not emulate any services, functionality, or base operating systems. Instead, it provides real systems and services, the same used in organizations today. Thus, the attacker can completely compromise the machine and take control of it. This allows you to learn more about the tools, tactics, and motives of the attacker and get a better understanding of the attacker community. Although these types of honeypots can give you deep insights into the routine procedures of an attacker, ...

Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Virtual Honeypots: From Botnet Tracking to Intrusion Detection by

Chapter 2. High-Interaction Honeypots

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly