Virtual Honeypots: From Botnet Tracking to Intrusion Detection

by Niels Provos, Thorsten Holz
July 2007
Intermediate to advanced
480 pages
13h 20m
English
Addison-Wesley Professional
Content preview from Virtual Honeypots: From Botnet Tracking to Intrusion Detection

Chapter 9. Detecting Honeypots

9.1 Detecting Low-Interaction Honeypots

9.2 Detecting High-Interaction Honeypots

9.3 Detecting Rootkits

9.4 Summary

Although honeypots are a great resource for investigating adversaries or automatic exploitation via worms, the amount of information we can learn depends on how realistic the honeypots are. If an adversary breaks into a machine and immediately notices that she broke into a honeypot, her reaction might be to remove all evidence and leave the machine alone. On the other hand, if the fact that she broke into a honeypot remains undetected, she could use it to store attack tools and launch further attacks on other systems. This makes it very important to provide realistic-looking honeypots. For low-interaction ...


ISBN: 9780321336323