Chapter 9. Detecting Honeypots
9.1 Detecting Low-Interaction Honeypots
9.2 Detecting High-Interaction Honeypots
9.3 Detecting Rootkits
9.4 Summary
Although honeypots are a great resource for investigating adversaries or automatic exploitation via worms, the amount of information we can learn depends on how realistic the honeypots are. If an adversary breaks into a machine and immediately notices that she broke into a honeypot, her reaction might be to remove all evidence and leave the machine alone. On the other hand, if the fact that she broke into a honeypot remains undetected, she could use it to store attack tools and launch further attacks on other systems. This makes it very important to provide realistic-looking honeypots. For low-interaction ...
Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
