An Introduction To The Honeypots
The Honeypots
Princy cc
Content
Definition
Three Architectures
Applications
Advantages and disadvantages
Future Work
Definition
Honeypot
How it works
Types of Honeypots
Purposes
• Production / Research
Characteristics
• Low / High Interactivity
Low-Interaction vs. High-Interaction
Low-Interaction High-Interaction
Value of Honeypots
Prevention
Detection
Response
Research Purpose
Prevention
Detection
Response
Three Architectures
Honeyd
Gen I Honeynet
Gen II Honeynet
Honeyd Overview
Honeyd is a low-interaction virtual honeypot
Simulates arbitrary TCP/UDP services
• IIS, Telnet, POP3…
Supports multiple IP addresses
• Test up to 65536 addresses simultaneously
Supports ICMP
• Virtual machines answer to ping and traceroute
Supports subsystems
Honeyd Architecture
Configuration database
• Stores the personalities of the configured network stack.
Central packet dispatcher
• Dispatches incoming packets to the correct protocol handler.
Protocol handlers
Personality engine
Optional routing component
Gen I Honeynet
Gen II Honeynet
Application
How effective it is!
Advantages
Disadvantages
Future Work