I'm new to this stuff. Can someone explain what a honeypot is?
I'm new to this stuff. Can someone explain what a honeypot is?
Hi,
Check out this link http://www.tracking-hackers.com/
Cheers
A honeypot is basically a decoy computer put on a network so that hackers will go after it instead of a regular computer.
Ahhh... some good reading is the "Know Your Enemy" Series :D
Quote:
I'm new to this stuff. Can someone explain what a honeypot is?
http://project.honeynet.org/papers/
hope this helps
Jack
Well if you really want I can send you my powerpoint on Honeypots. ;) I just taught that a couple of weeks ago.
Basically, honeypots or honeynets are computers or networks set up to attract activity to them. The reasoning for attracting the activity varies: sometimes it's to encourage attackers to stay away from the "goodies", sometimes it's for an EWS, sometimes it's for research. The reasoning why usually will determine the complexity of the honeypot.
Low interaction honeypots like Back Officer Friendly are more for the detect and EWS concept. They give little to no interaction with the attacker. They also have the lowest risk.
Medium interaction honeypots have some interaction but tend to be limited. Often, they incorporate "jailed" environments where attackers can only do so many things. They have some risk. Sometimes they are used to detect attacks before they happen.
The last one has the highest risk and is the cheapest but most difficult to set up. High interaction is usually when you set up a full system live on the internet. You also get the greatest research value out of it.
The Honeynet Project is a good place to learn. Additionally, Lance Spitzner's Honeypots is a good and straightforward read about the art of Honeypots.
Obviously, one issue that has yet to be resolved is that of "entrapment". I do not think as of yet that Honeypots have been tested in a court of law.
Hope that helps.
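A sketch of the low-interaction, early-warning idea described in the post above (added example, not code from this thread or from Back Officer Friendly): a listener on an otherwise unused port that records who connected and the first bytes they sent, replies with nothing, and closes. The bind address, port 2323 and the event field names are assumptions made for the example.

```python
import json
import socket
import time
from collections import deque

MAX_CAPTURE = 256    # bytes of the client's first message kept for the alert
READ_TIMEOUT = 3.0   # seconds to wait for the client to send anything


def handle(conn, peer, events):
    """Record one connection attempt, send nothing back, and close."""
    conn.settimeout(READ_TIMEOUT)
    try:
        first = conn.recv(MAX_CAPTURE)
    except OSError:          # timeout or reset: a silent probe is still an event
        first = b""
    finally:
        conn.close()
    event = {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        # Escape control and non-ASCII bytes so client input cannot forge log lines.
        "first_bytes": first.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }
    events.append(event)
    return event


def serve(host, port, events):
    """Nothing legitimate uses this port, so every connection is an alert.

    Single-threaded on purpose: a slow client delays the next accept by at
    most READ_TIMEOUT seconds.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            print(json.dumps(handle(conn, peer, events)), flush=True)


if __name__ == "__main__":
    # Constructed address and port; the deque keeps only the latest 1000 events.
    serve("127.0.0.1", 2323, deque(maxlen=1000))
```

Because the decoy never answers and never runs anything the client sends, its risk stays low; the trade-off is that it only tells you that someone touched the port and what they sent first.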
Thanks everyone.
I fear the day that someone takes over these 'security' forums as a moderator and has to ask what a honeypot is. I really hope your question was a joke. If not, try the sites above. I will also dispense the words of wisdom that the rest of us go by...
google.com say it with me now G-O-O-G-L-E DOT COM.
To be honest I'm insulted and offended by this.
And people wonder why so many regulars leave......
*fart
just another thing on Honeypots... these "High Risk" honeypots (as ms.mittens pointed out) give the most valuable feedback... as that's where most 0day exploits (latest exploits?) are found (by a white hat)... as soon as a new exploit hits one of these honeypots it's out on bugtraq, etc...
Yup. I was thinking of putting my FreeBSD box on to the net as a "high risk" HP but not sure if it violates my AUP. What'dya think? :D
I have this feeling it does...
I'd imagine your admin not liking that too much :D
AUP (had to look this up) Acceptable Use Policy...