JG
Uploaded byJayant Gandhi
40,520 views

Honeypots

This document provides an overview of honeypots, which are security resources that are intended to be probed, attacked, or compromised in order to gather information about attackers. Honeypots can be used to learn about past attacks, detect currently occurring attacks, and identify new types of attacks. They work by monitoring any traffic to resources that are not expected to receive data. Honeypots have advantages like reducing false alarms and providing data for analysis, but also have disadvantages like narrow visibility and risks of the attacker using the honeypot to attack other systems. The document discusses different types of honeypots including low and high interaction honeypots, and specific honeypot tools like Honeyd and Honeynets.

BusinessTechnology
In this document
Powered by AI

Presenters introduced: Jayant Kumar Gandhi, Himanshu Bhatnagar, Sachin Gajjar, Sameek Banerjee, and Shashwat Agrawal.

The agenda discusses motivation, definition, advantages/disadvantages, and types of honeypots.

Highlights key aspects of effective intrusion detection including learning from past attacks and identifying new types of attacks in real-time.

Defines honeypots as security resources valuable when probed or attacked, based on Spitzner's definition.

Describes how honeypots function by expecting no legitimate data, making any traffic likely unauthorized.

Lists advantages such as reducing false positives/negatives, data value, resource efficiency, and simplicity.

Discusses drawbacks including narrow field of view and risks associated with fingerprinting.

Details the two main types of honeypots: Production for law enforcement and research for counter-intelligence.

Focuses on production honeypots' roles in prevention, detection, and response.

Explains research honeypots in terms of early warnings, discovering new tools, motives, and enhancing forensic skills.

Describes low vs high interaction levels, highlighting learning potential and associated risks.

Highlights the risk of attackers compromising honeypots to affect other systems.

Details low interaction honeypots as emulators with limited information on attacker activities.

Describes high interaction honeypots providing actual OS insights but with extensive risks.

Explains Honeyd's functionality as a low-interaction honeypot simulating virtual machines.

Discusses fingerprinting techniques used by attackers to learn about systems before attacking.

Defines honeynets as networks of real machines with Honeywall serving as a gateway.

Addresses legal concerns regarding privacy, entrapment, and liability with honeypots.

Mentions copyright and acknowledgment of trademarks in the presentation.

Includes a list of references and sources consulted regarding honeypots and intrusion detection.

Opens the floor for questions from the audience regarding the presentation.

Provides a link for further contact and access to the presentation uploaded on SlideShare.

Embed presentation

Honeypots Jayant Kumar Gandhi - www.jkg.in Himanshu Bhatnagar Sachin Gajjar Sameek Banerjee Shashwat Agrawal http://www.jkg.in/eel702/presentation.ppt
Agenda Motivation Definition Advantages/ Disadvantages Types
Motivation Key to effective intrusion detection is information Learn more about past attacks Detect currently occurring attacks Identify new types of attacks Do all this in real time
Definition “ Any security resource who’s value lies in being probed, attacked, or compromised” – L. Spitzner, Honeypots: Tracking Hackers , ISBN 0-321-10895-7
How honeypots work A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
Advantages Reduce false positives and false negatives Data value Resources Simplicity
Disadvantages Narrow Field of View Fingerprinting Risk
Types Production (Law enforcement) Research (Counter-intelligence)
Production Honeypots Prevention Detection Response
Research Honeypots Early warning and prediction Discover new tools and tactics Understanding motives, behavior and organization Develop analysis and forensic skills
Level of Interaction Level of interaction determines the amount of functionality a honeypot provides Low Interaction Less learning, complexity and risk High Interaction High learning, complexity and risk
Risk Attacker can compromise your honeypot to harm, attack or infiltrate other systems and organizations
Low Interaction Provide emulated services No operating system to access Information limited to transactional information and attackers activities with the emulated services
High Interaction Provides actual Operating Systems Learn extensive amount of information Extensive risk
Honeyd Low-interaction honeypot Runs on a single computer Simulates a group of virtual machines Simulates the physical network between them Simulates only the network stack of each machine Intended primarily to fool fingerprinting tools
Honeyd Fingerprinting Attackers often try to learn more about a system before attacking it Can determine a machine’s operating system by “testing” its network behavior How the initial TCP sequence number is created Response packets for open and closed ports Configuration of packet headers Common fingerprinting tools: Nmap, Xprobe
Honeynets High-interaction honeypots Network of real machines (honeypots) Honeywall – a gateway between honeypots and rest of the world
Legal issues Privacy Entrapment Liability
Legal Mumbo Jumbo Design template is Copyright © 2006 Jayant Kumar Gandhi (www.jkg.in) Clip art is Copyright © 2006 Microsoft Corporation All trademarks, registered trademarks are acknowledged and are property of their respective owners
Bibliography Robert Graham, Network intrusion detection systems, 2000. http://www.robertgraham.com/pubs/network-intrusion-detection.html David Klug, Honeypots and intrusion detection. http://www.sans.org./infosecFAQ/intrusion/honeypots.htm Christian Plattner Reto Baumann, White paper: Honeypots. http://www.rbaumann.net,http://www.christianplattner.net Lance Spitzner, Honeypots: Tracking hackers ISBN: 0-321-10895-7 Lance Spitzner, Intrusion detection, 2000. http://www.enteract.com/lspitz/ids.html Lance Spitzner, Know your enemy: I, ii and iii, 2000 http://www.project.honeynet.org/papers
Questions?
http://www.jkg.in/contact-me/ Uploaded on SlideShare.net for the public.

More Related Content

PPTX
Honeypots
byGaurav Gupta
 
PPTX
Honeypot
bySushan Sharma
 
PPTX
Honeypot ppt1
bysamrat saurabh
 
PPT
Honeypots
byJ. Scott Christianson
 
PPTX
Honeypot
byShashwat Shriparv
 
PPT
All about Honeypots & Honeynets
byMehdi Poustchi Amin
 
PPTX
Honeypots
bySARANYA S
 
PPT
Honeypot Basics
byManoj kumawat
 
Honeypots
byGaurav Gupta
 
Honeypot
bySushan Sharma
 
Honeypot ppt1
bysamrat saurabh
 
Honeypots
byJ. Scott Christianson
 
Honeypot
byShashwat Shriparv
 
All about Honeypots & Honeynets
byMehdi Poustchi Amin
 
Honeypots
bySARANYA S
 
Honeypot Basics
byManoj kumawat
 

What's hot

PPT
Honeypot
bySajan Sahu
 
PDF
Seminar Report on Honeypot
byAmit Poonia
 
PDF
Virtual honeypot
byElham Hormozi
 
PPTX
Tushar mandal.honeypot
bytushar mandal
 
PPTX
Honey po tppt
byArya AR
 
PPTX
Honeypots and honeynets
byRasool Irfan
 
PPT
Honey Pot
byiradarji
 
PDF
Honeypots for Network Security
byKiruba buri R
 
PDF
What are Honeypots? and how are they deployed?
byHusseinMuhaisen
 
PPTX
Honey pots
byDivya korrapati
 
PPTX
Honey pot in cloud computing
byأحلام انصارى
 
PPTX
Honeypots.ppt1800363876
byMomita Sharma
 
PPTX
HONEYPOTS: Definition, working, advantages, disadvantages
byamit kumar
 
PPT
Honeypot honeynet
bySina Manavi
 
PPT
IDS and IPS
bySantosh Khadsare
 
PDF
Ch 5: Port Scanning
bySam Bowne
 
PPTX
Intrusion detection
byUmesh Dhital
 
PDF
Honeypot 101 (slide share)
byEmil Tan
 
PPTX
John the ripper & hydra password cracking tool
byMd. Raquibul Hoque
 
PPTX
trojan horse- malware(virus)
byNamanKikani
 
Honeypot
bySajan Sahu
 
Seminar Report on Honeypot
byAmit Poonia
 
Virtual honeypot
byElham Hormozi
 
Tushar mandal.honeypot
bytushar mandal
 
Honey po tppt
byArya AR
 
Honeypots and honeynets
byRasool Irfan
 
Honey Pot
byiradarji
 
Honeypots for Network Security
byKiruba buri R
 
What are Honeypots? and how are they deployed?
byHusseinMuhaisen
 
Honey pots
byDivya korrapati
 
Honey pot in cloud computing
byأحلام انصارى
 
Honeypots.ppt1800363876
byMomita Sharma
 
HONEYPOTS: Definition, working, advantages, disadvantages
byamit kumar
 
Honeypot honeynet
bySina Manavi
 
IDS and IPS
bySantosh Khadsare
 
Ch 5: Port Scanning
bySam Bowne
 
Intrusion detection
byUmesh Dhital
 
Honeypot 101 (slide share)
byEmil Tan
 
John the ripper & hydra password cracking tool
byMd. Raquibul Hoque
 
trojan horse- malware(virus)
byNamanKikani
 

Similar to Honeypots

DOC
Honeypots
byShiva Krishna Chandra Shekar
 
DOCX
Honeypots
byJyoti Nagargoje
 
PDF
Ananth3
byShiva Krishna Chandra Shekar
 
PPT
Description on Honeypots in Cyber Security
bySumaiyaSk
 
PPT
Honeypots.ppt
byBhanuriBharathkumar
 
PPT
Honeypot
byKirtiGoyal25
 
PDF
Olll
bynannukaur
 
PPTX
Honey pots
byAlok Singh
 
PPTX
honey pots introduction and its types
byVishal Tandel
 
PPTX
Honeypot ss
byKajal Mittal
 
PPT
Honeypot
byAkhil Sahajan
 
PPT
Honeypot
byAkhil Sahajan
 
PPT
honeypots.ppt
byDetSersi
 
PDF
Honeypots
byBilal ZIANE
 
PDF
IRJET- Data Security using Honeypot System
byIRJET Journal
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
byIJERD Editor
 
PPT
Srikanth
bykondalarao7
 
PDF
Ananth1
byShiva Krishna Chandra Shekar
 
PPTX
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
PDF
IJET-V3I2P16
byIJET - International Journal of Engineering and Techniques
 
Honeypots
byShiva Krishna Chandra Shekar
 
Honeypots
byJyoti Nagargoje
 
Ananth3
byShiva Krishna Chandra Shekar
 
Description on Honeypots in Cyber Security
bySumaiyaSk
 
Honeypots.ppt
byBhanuriBharathkumar
 
Honeypot
byKirtiGoyal25
 
Olll
bynannukaur
 
Honey pots
byAlok Singh
 
honey pots introduction and its types
byVishal Tandel
 
Honeypot ss
byKajal Mittal
 
Honeypot
byAkhil Sahajan
 
Honeypot
byAkhil Sahajan
 
honeypots.ppt
byDetSersi
 
Honeypots
byBilal ZIANE
 
IRJET- Data Security using Honeypot System
byIRJET Journal
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
byIJERD Editor
 
Srikanth
bykondalarao7
 
Ananth1
byShiva Krishna Chandra Shekar
 
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
IJET-V3I2P16
byIJET - International Journal of Engineering and Techniques
 

Recently uploaded

PDF
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ... (2).pdf
byxuexmv3qbymlv32ohdjf
 
PDF
Kelli Molczyk - A Seasoned Brand Strategist
byKelli Molczyk
 
PPTX
AI for Business - Strategy and Planning Webinar
byChristopherVicGamuya
 
PDF
Back to the future - the return of DB surpluses (slides) - 9 December 2025.pdf
byHenry Tapper
 
PDF
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Updated-costings-on-changes-to-PPF-compensation-levels---with-31-March-2025-f...
byHenry Tapper
 
PDF
BTP - GK 2025-4 (1) Consulting Marketing.pdf
byAyushNath13
 
PDF
Unlock the Power of Leadership: The Electrolux Manufacturing System (EMS) Way
byKaiNexus
 
PDF
Deckers stock picking idea from October 2025
byMathias Lascar
 
PDF
J Hamilton - Pensions UK V1 27.11.2025 (1).pdf
byHenry Tapper
 
PDF
_How to Safely Buy Instagram Accounts in 2025.pdf
byzze2jltsflran03jy3m
 
PDF
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byndsfcm3nubx18jc4s6f4
 
DOCX
Guide to Safely Buy a Verified Binance Account Today.docx
byh55oga0kd25m12iaza2
 
PDF
Step-by-Step Guide to Purchasing USA Facebook Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Buy Verified Western Union Accounts - in the United States (1).pdf
bykeb2bq5cegc6m2xa32ay
 
DOCX
17 Best Platforms to Buy Verified Cash App Accounts in Bulk .docx
byWWW.USAALLHUB.COM
 
PDF
6f0f6b8445ec521879693a52223a777er3e4.pdf
bytostyhazel456
 
DOCX
5 Simple Steps to Purchase Telegram Accounts For Best Service Topusapro.docx
bytopusapro.com
 
PDF
Pension-Protection-Fund-Purple-Book-2025-accessible (1).pdf
byHenry Tapper
 
PPTX
Con Keating's slides from Pension PlayPen budget comments
byHenry Tapper
 
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ... (2).pdf
byxuexmv3qbymlv32ohdjf
 
Kelli Molczyk - A Seasoned Brand Strategist
byKelli Molczyk
 
AI for Business - Strategy and Planning Webinar
byChristopherVicGamuya
 
Back to the future - the return of DB surpluses (slides) - 9 December 2025.pdf
byHenry Tapper
 
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
byndsfcm3nubx18jc4s6f4
 
Updated-costings-on-changes-to-PPF-compensation-levels---with-31-March-2025-f...
byHenry Tapper
 
BTP - GK 2025-4 (1) Consulting Marketing.pdf
byAyushNath13
 
Unlock the Power of Leadership: The Electrolux Manufacturing System (EMS) Way
byKaiNexus
 
Deckers stock picking idea from October 2025
byMathias Lascar
 
J Hamilton - Pensions UK V1 27.11.2025 (1).pdf
byHenry Tapper
 
_How to Safely Buy Instagram Accounts in 2025.pdf
byzze2jltsflran03jy3m
 
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byndsfcm3nubx18jc4s6f4
 
Guide to Safely Buy a Verified Binance Account Today.docx
byh55oga0kd25m12iaza2
 
Step-by-Step Guide to Purchasing USA Facebook Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
Buy Verified Western Union Accounts - in the United States (1).pdf
bykeb2bq5cegc6m2xa32ay
 
17 Best Platforms to Buy Verified Cash App Accounts in Bulk .docx
byWWW.USAALLHUB.COM
 
6f0f6b8445ec521879693a52223a777er3e4.pdf
bytostyhazel456
 
5 Simple Steps to Purchase Telegram Accounts For Best Service Topusapro.docx
bytopusapro.com
 
Pension-Protection-Fund-Purple-Book-2025-accessible (1).pdf
byHenry Tapper
 
Con Keating's slides from Pension PlayPen budget comments
byHenry Tapper
 

Honeypots

  • 1.
    Honeypots Jayant KumarGandhi - www.jkg.in Himanshu Bhatnagar Sachin Gajjar Sameek Banerjee Shashwat Agrawal http://www.jkg.in/eel702/presentation.ppt
  • 2.
    Agenda Motivation DefinitionAdvantages/ Disadvantages Types
  • 3.
    Motivation Key toeffective intrusion detection is information Learn more about past attacks Detect currently occurring attacks Identify new types of attacks Do all this in real time
  • 4.
    Definition “ Anysecurity resource who’s value lies in being probed, attacked, or compromised” – L. Spitzner, Honeypots: Tracking Hackers , ISBN 0-321-10895-7
  • 5.
    How honeypots workA resource that expects no data, so any traffic to or from it is most likely unauthorized activity
  • 6.
    Advantages Reduce falsepositives and false negatives Data value Resources Simplicity
  • 7.
    Disadvantages Narrow Fieldof View Fingerprinting Risk
  • 8.
    Types Production (Lawenforcement) Research (Counter-intelligence)
  • 9.
  • 10.
    Research Honeypots Earlywarning and prediction Discover new tools and tactics Understanding motives, behavior and organization Develop analysis and forensic skills
  • 11.
    Level of InteractionLevel of interaction determines the amount of functionality a honeypot provides Low Interaction Less learning, complexity and risk High Interaction High learning, complexity and risk
  • 12.
    Risk Attacker cancompromise your honeypot to harm, attack or infiltrate other systems and organizations
  • 13.
    Low Interaction Provideemulated services No operating system to access Information limited to transactional information and attackers activities with the emulated services
  • 14.
    High Interaction Providesactual Operating Systems Learn extensive amount of information Extensive risk
  • 15.
    Honeyd Low-interaction honeypotRuns on a single computer Simulates a group of virtual machines Simulates the physical network between them Simulates only the network stack of each machine Intended primarily to fool fingerprinting tools
  • 16.
    Honeyd Fingerprinting Attackersoften try to learn more about a system before attacking it Can determine a machine’s operating system by “testing” its network behavior How the initial TCP sequence number is created Response packets for open and closed ports Configuration of packet headers Common fingerprinting tools: Nmap, Xprobe
  • 17.
    Honeynets High-interaction honeypotsNetwork of real machines (honeypots) Honeywall – a gateway between honeypots and rest of the world
  • 18.
    Legal issues PrivacyEntrapment Liability
  • 19.
    Legal Mumbo JumboDesign template is Copyright © 2006 Jayant Kumar Gandhi (www.jkg.in) Clip art is Copyright © 2006 Microsoft Corporation All trademarks, registered trademarks are acknowledged and are property of their respective owners
  • 20.
    Bibliography Robert Graham,Network intrusion detection systems, 2000. http://www.robertgraham.com/pubs/network-intrusion-detection.html David Klug, Honeypots and intrusion detection. http://www.sans.org./infosecFAQ/intrusion/honeypots.htm Christian Plattner Reto Baumann, White paper: Honeypots. http://www.rbaumann.net,http://www.christianplattner.net Lance Spitzner, Honeypots: Tracking hackers ISBN: 0-321-10895-7 Lance Spitzner, Intrusion detection, 2000. http://www.enteract.com/lspitz/ids.html Lance Spitzner, Know your enemy: I, ii and iii, 2000 http://www.project.honeynet.org/papers
  • 21.
  • 22.
    http://www.jkg.in/contact-me/ Uploaded onSlideShare.net for the public.