I'm new to this stuff. Can someone explain what a honeypot is?
I'm new to this stuff. Can someone explain what a honeypot is?
Hi,
Check out this link http://www.tracking-hackers.com/
Cheers
A honeypot is basically a decoy computer put on a network so that hackers will go after it instead of a regular computer.
Ahhh... some good reading is the "Know Your Enemy" Series :D
Quote:
I'm new to this stuff. Can someone explain what a honeypot is?
http://project.honeynet.org/papers/
hope this helps
Jack
Well if you really want I can send you my powerpoint on Honeypots. ;) I just taught that a couple of weeks ago.
Basically, honeypots or honeynets are computers or networks set up to attract activity to them. The reasoning for attracting the activity varies: sometimes it's to encourage attackers to stay away from the "goodies", sometimes it's for an EWS, sometimes it's for research. The reasoning why usually will determine the complexity of the honeypot.
Low interaction honeypots like Back Officer Friendly are more for the detect and EWS concept. They give little to no interaction with the attacker. They also have the lowest risk.
Medium interaction honeypots have some interaction but tend to be limited. Often, they incorporate "jailed" environments where attackers can only do so many things. They have some risk. Sometimes they are used to detect attacks before they happen.
The last one has the highest risk and is the cheapest but most difficult to set up. High interaction is usually when you set up a full system live on the internet. You also get the greatest research value out of it.
The Honey Net Project is a good place to learn. Additionally, Lance Spitzner's Honeypots is a good and straightforward read about the art of Honeypots.
Obviously, one issue that has yet to be resolved is that of "entrapment". I do not think as of yet that Honeypots have been tested in a court of law.
Hope that helps.
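A minimal sketch of the low-interaction, detect-and-alert style of honeypot described in the post above, added here as an example and not part of the original thread or of any tool it names. The decoy banner, port 2525, and the names `record_probe`, `serve` and `demo` are assumptions chosen for illustration.

```python
import json
import socket
import socketserver
import time

FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed decoy banner
MAX_CAPTURE = 256  # cap on bytes kept per connection

def record_probe(conn, peer, log, timeout=2.0):
    """Greet the client, capture its first bytes, and log the event.

    The data is only recorded, never parsed or acted on: that is what
    keeps interaction (and risk) low."""
    conn.settimeout(timeout)
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1], "data": ""}
    try:
        conn.sendall(FAKE_BANNER)
        event["data"] = conn.recv(MAX_CAPTURE).decode("latin-1")
    except OSError:
        pass  # a silent or reset connection is still worth an alert
    log.append(event)
    return event

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        event = record_probe(self.request, self.client_address, self.server.events)
        print(json.dumps(event), flush=True)  # one JSON line per probe, for alerting

def serve(host="127.0.0.1", port=2525):
    """Listen on an otherwise unused port; any connection at all is suspicious."""
    with socketserver.ThreadingTCPServer((host, port), Handler) as srv:
        srv.events = []
        srv.serve_forever()

def demo(payload=b"EHLO scanner\r\n", timeout=2.0):
    """Offline check using a socket pair and a constructed peer address."""
    ours, theirs = socket.socketpair()
    log = []
    if payload:
        theirs.sendall(payload)
    event = record_probe(ours, ("203.0.113.7", 40000), log, timeout)
    banner = theirs.recv(64)
    ours.close()
    theirs.close()
    return event, banner, log

if __name__ == "__main__":
    serve()
```

Because nothing legitimate should ever connect to the decoy port, every logged line is an early-warning signal in its own right.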
Thanks everyone.
I fear the day that someone takes over these 'security' forums as a moderator and has to ask what a honeypot is. I really hope your question was a joke. If not, try the sites above. I will also dispense the words of wisdom that the rest of us go by...
google.com say it with me now G-O-O-G-L-E DOT COM.
To be honest I'm insulted and offended by this.
And people wonder why so many regulars leave......
*fart
just another thing on Honeypots... these "High Risk" honeypots (as ms.mittens pointed out) give the most valuable feedback... as that's where most 0day exploits (latest exploits?) are found (by a white hat)... as soon as a new exploit hits one of these honeypots it's out on bugtraq, etc...
Yup. I was thinking of putting my FreeBSD box on to the net as a "high risk" HP but not sure if it violates my AUP. What'dya think? :D
I have this feeling it does...
i'd imagine your admin not liking that too much :D
AUP (had to look this up) Acceptable Use Policy...
Like hogfly said...
google.com
whatis.com
oh, not to forget, the forum archives.
Ammo
A honeypot is usually a ceramic, sometimes glass bowl, with a cover used to keep honey. (a by-product of the honey bee's nesting habits) If you ever watched Winnie the Pooh, you've seen a honey pot.
Sorry I offended you. My job here is not to be an expert on any of this, but rather just help the site run more smoothly. And you're absolutely right, I could have found the answer to my question via Google, but since you guys are the experts on the subject, where better to find the answer?
Quote:
Originally posted here by hogfly
I fear the day that someone takes over these 'security' forums as a moderator and has to ask what a honeypot is. I really hope your question was a joke. If not, try the sites above. I will also dispense the words of wisdom that the rest of us go by...
google.com say it with me now G-O-O-G-L-E DOT COM.
To be honest I'm insulted and offended by this.
And people wonder why so many regulars leave......
*fart
The problem with your post that many people here may have, is the fact that 'newbies' to *hacking* come here and ask the time honoured question:
"How do i hack?"
Generally, this annoys most members that even have a remote idea about security. We are here to learn, not to answer basic questions that could have been solved by typing into google 'honey pots'. The point is that basic questions are spammed and just get annoying, where people couldn't be bothered searching for it themselves.
--mupp3t
No, I don't think most of the people here are concerned with the fact that this is a newbie-type question. In fact, I wouldn't have too much of a problem if a newbie asked that (but of course, I would encourage them to do a search first).
What I am concerned about is that a proposed moderator of a well-known security site has no idea what a honeypot is. I wouldn't ask somebody to listen to my motor to "make sure it runs smoothly" if they had no idea what a carburetor is.
Obviously he is making an attempt to learn so he can more effectively moderate, but I think that some basic security knowledge should have been prerequisite to the moderator position.
JMHO
clap clap bluebeard..you got what I was saying.
Streetrunner, I'm by no means insulted by your question, it's a rather straightforward and good question. As bluebeard summed up, I take issue with the fact that a self-proclaimed moderator on a security site is less informed about security than the "newbies" that would be asking questions to said moderator. I do not doubt your prowess in other areas (as I can see you are an avid vb programmer for jupiter).
I'll save my comments on that for another forum.
On to the honeynet/honeypot question. Msmittens has answered the question in the best terms here so far. The links are also great places to go. You can sign up and do some analysis if you are interested.
To reiterate...it is simply a network or computer designed to attract attention to itself by running or appearing to be running vulnerable or tasty services that someone would like to break in to. Imagine seeing a server running a yummy older version of BIND behind a poorly constructed gateway/firewall that you could get in to and once there...you find out there is a whole network of computers associated with it. Now, watching a honeynet getting broken in to is one of the most informative things you could see. You can see the mind of a determined hacker at work as they exploit your services in no time at all. (Read Cuckoo's Egg by Cliff Stoll, a very basic honeynet but a good read.) Fact is, most honeynets are explored, revealed and exploited in a matter of minutes.
A few sloppy ones are DTK (deception toolkit) and foundstone also has one freely available which I haven't used so I'm not sure how good it is.
Hope this helps a little more.
mupp3t, hogfly, bluebeard96: Thank you all for your input. I will try to keep my newbie-type questions to a minimum but I may from time to time ask more questions (after first searching for the answer of course :) ). While "Moderator" doesn't equal "Expert" I'd like to know as much as I can about computer security.
Hope this isn't some stab at VB programmers mr. hogfly. I'll have to drag n drop me up a crafty spl01t and 0wn you f00l! Don't make the \\//\\// pull that card. hahahahhahaah
Quote:
Originally posted here by hogfly
clap clap bluebeard..you got what I was saying.
Streetrunner, I'm by no means insulted by your question, it's a rather straightforward and good question. As bluebeard summed up, I take issue with the fact that a self-proclaimed moderator on a security site is less informed about security than the "newbies" that would be asking questions to said moderator. I do not doubt your prowess in other areas (as I can see you are an avid vb programmer for jupiter).
I'll save my comments on that for another forum.
On to the honeynet/honeypot question. Msmittens has answered the question in the best terms here so far. The links are also great places to go. You can sign up and do some analysis if you are interested.
To reiterate...it is simply a network or computer designed to attract attention to itself by running or appearing to be running vulnerable or tasty services that someone would like to break in to. Imagine seeing a server running a yummy older version of BIND behind a poorly constructed gateway/firewall that you could get in to and once there...you find out there is a whole network of computers associated with it. Now, watching a honeynet getting broken in to is one of the most informative things you could see. You can see the mind of a determined hacker at work as they exploit your services in no time at all. (Read Cuckoo's Egg by Cliff Stoll, a very basic honeynet but a good read.) Fact is, most honeynets are explored, revealed and exploited in a matter of minutes.
A few sloppy ones are DTK (deception toolkit) and foundstone also has one freely available which I haven't used so I'm not sure how good it is.
Hope this helps a little more.