What are honeypots?

Thread: What are honeypots?

  1. #1
    Member
    Join Date
    Jul 2004
    Posts
    46

    What are honeypots?

    Seeing the forum title, it got me thinking... and well, what are honeypots? And, are they any better than firewalls?
    Tell me if you think I'm spamming or doing something stupid, please.

  2. #2
    Banned
    Join Date
    Sep 2004
    Posts
    305
    A computer set up to lure an attacker toward it rather than the key systems on a network. I'm sure someone will expand on it but that's what a honeypot is basically.

  3. #3
    er0k
    Guest
    Well if you really want I can send you my powerpoint on Honeypots. I just taught that a couple of weeks ago.

    Basically, honeypots or honeynets are computers or networks set up to attract activity to them. The reasoning for attracting the activity varies: sometimes it's to encourage attackers to stay away from the "goodies", sometimes it's for an EWS, sometimes it's for research. The reasoning why usually will determine the complexity of the honeypot.

    Low interaction honeypots like Back Officer Friendly are more for the detect and EWS concept. They give little to no interaction with the attacker. They also have the lowest risk.

    Medium interaction honeypots have some interaction but tend to be limited. Often, they incorporate "jailed" environments where attackers can only do so many things. They have some risk. Sometimes they are used to detect attacks before they happen.

    The last one has the highest risk and is the cheapest but most difficult to set up. High interaction is usually when you set up a full system live on the internet. You also get the greatest research value out of it.

    The Honey Net Project is a good place to learn. Additionally, Lance Spitzner's Honeypots is a good and straightforward read about the art of Honeypots.

    Obviously, one issue that has yet to be resolved is that of "entrapment". I do not think as of yet that Honeypots have been tested in a court of law.

    Hope that helps.
    msmittens in this thread: http://www.antionline.com/showthread...hreadid=240611

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Hint: Google

    A host or network with known vulnerabilities deliberately exposed to a public network. Honeypots are useful in studying attackers' behavior and also in drawing attention away from other potential targets.
    http://www.nwfusion.com/techinsider/...security2.html
    So they're not "better than firewalls" because they don't serve the same purpose as a firewall.

    Check out the Honeynet Project. They have some good info on their site as well as a live Linux CD that serves as a honeypot.

    -edit-
    Wow, I'm a slow poster

  5. #5
    Banned
    Join Date
    Feb 2004
    Posts
    20
    If you could post that powerpoint up, I'd quite fancy a read of it?

    Cheers

    Andy

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    "entrapment is where a police officer or other law enforcement officer induces a person to commit a crime that the person wouldn’t have committed otherwise for the purpose of bringing a criminal prosecution against that person"
    - http://www.legal-definitions.com/entrapment.htm

    (Not the best legal site, but good plain English answers.)

    Clearly this wouldn't be an issue with honeypots unless the cop was telling the attacker to break into the system. Merely having an insecure system does not qualify as inducing the attack.

    cheers,

    catch

  7. #7
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Ya. I did once make the mistake of the entrapment issue. It's not as much of an issue really unless you're working with the police or for the police. Then it'd probably get into grey areas. I also wonder what the SuperDMCA laws would think of a honeypot if it was tested in court.

    That said, Lance Spitzner, the King of Honeypot Knowledge IMO, did identify 3 areas of concern for honeypots.

    Entrapment: can be an issue for some but for many not.

    Liability: this is an obvious one since there is always a risk, particularly if you use a high-interactive, home-built honeypot, that it could be completely owned and then used for attacks elsewhere. The company potentially becomes liable for actions that it was used for.

    Privacy: Now this one is one that I think it will take a court case to settle. Spitzner says "either in the files placed on compromised systems by intruders and the interception of communication (usually IRC) relayed through Honeynets." It's an interesting twist (although with the Patriot Act, this may make this all rather moot since there is a lack of privacy specifically for the US but other countries may be different).

    edit

    I've added my Honeypot Presentation. Keep in mind this is a general presentation, not a HOW TO. How tos are why Google exists! (plus this is taught in a class where students do the research on the HOW TO).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    That privacy thing got me thinking.........

    What happens if I put banners all over the place?

    "This is a monitored system. Any and all actions will be logged".

    This won't stop an attacker but I think it'll hold up in court against any "privacy" issues.
    But then again IANAL.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
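
Added example (not part of any post in this thread): a minimal sketch of the low-interaction, early-warning style of honeypot described in post #3, presenting the monitoring banner suggested in post #8. The function names, port 2222, the log file name and the 203.0.113.7 probe are assumptions made for illustration.

```python
import json
import socket
from datetime import datetime, timezone

# Banner wording taken from the thread; everything else here is illustrative.
BANNER = b"This is a monitored system. Any and all actions will be logged.\r\n"


def handle_connection(conn, peer):
    """Send the banner, log the first bytes, hang up; nothing is executed."""
    with conn:
        conn.settimeout(3.0)
        try:
            conn.sendall(BANNER)
            data = conn.recv(1024)
        except OSError:  # timeout or reset: the contact is still worth logging
            data = b""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # latin-1 plus JSON escaping keeps control characters out of the log
        "first_bytes": data[:64].decode("latin-1"),
    }


def serve(host="127.0.0.1", port=2222, logfile="honeypot.jsonl"):
    """Listen on a port nothing legitimate uses; every connection is an alert."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            with open(logfile, "a") as fh:
                fh.write(json.dumps(handle_connection(conn, peer)) + "\n")


def demo():
    """Run one constructed probe through a local socket pair (no network)."""
    server_side, client_side = socket.socketpair()
    with client_side:
        client_side.sendall(b"USER root\r\n")  # constructed sample input
        event = handle_connection(server_side, ("203.0.113.7", 40112))
        banner = client_side.recv(1024)
    return event, banner


if __name__ == "__main__":
    print(json.dumps(demo()[0]))
```

Calling serve() starts the listener; each JSON line it writes is one contact with a port that has no legitimate use, which is what makes it usable as an early-warning signal.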

  9. #9
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    This won't stop an attacker but I think it'll hold up in court against any "privacy" issues.
    Theoretically yes. But AFAIK, honeypots have never been tested in courts. I suspect that most use it for research or EWS rather than for evidence in court proceedings and such.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Have login banners been tested in court? In theory they have since if I'm not mistaken it's a US Government requirement that all login banners spew out the classic "it is punishable by law to obtain unauthorized access to this system" etc..
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
