Chapter 2. High-Interaction Honeypots

2.1 Advantages and Disadvantages

2.2 VMware

2.3 User-Mode Linux

2.4 Argos

2.5 Safeguarding Your Honeypots

2.6 Summary

High-interaction honeypots offer the adversary a full system to interact with. This means that the honeypot does not emulate any services, functionality, or base operating systems. Instead, it provides real systems and services, the same used in organizations today. Thus, the attacker can completely compromise the machine and take control of it. This allows you to learn more about the tools, tactics, and motives of the attacker and get a better understanding of the attacker community. Although these types of honeypots can give you deep insights into the routine procedures of an attacker, ...

Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.