Chapter 7. Hybrid Systems
7.1 Collapsar
7.2 Potemkin
7.3 RolePlayer
7.4 Research Summary
7.5 Building Your Own Hybrid Honeypot System
7.6 Summary
When low-interaction systems are not powerful enough and high-interaction systems are too expensive, hybrid solutions offer the benefits of both worlds. Let’s say we want to capture real worms on a class B network under our control. It would be too expensive to set up 65,000 real machines, but by combining principals of low-interaction honeypots with high-interaction honeypots, we can use the low-interaction honeypots as gateways to a few high-interaction machines. The low-interaction honeypots filter out noise and scanning attempts and ensure that only interesting connections are forwarded to a set ...
Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.