Honeypot
Presented by: Tandel Vishal
Objectives
This case study covers the different types of honeypots and evaluates them, including low interaction and high interaction honeypots.
Abstract
This Case Study presents an evaluation of honeypots used for gathering
information about the methods used by attackers to compromise a host. Honeypots
are an important utility to learn more about attackers. There are several types of
honeypots which can be used for gathering information about the tools and
methods used by attackers to compromise a server. This paper will evaluate these
honeypots.
The focus will be on the virtual honeypots, because they are a rather new concept.
We will compare them to the other types of honeypots to find out if the
information gathered from the virtual honeypots is just as useful as from the other
honeypots. We will see that there are even more possibilities with virtual
honeypots than with low interaction and high interaction honeypots.
Introduction
Countermeasure to detect or prevent attacks
Know attack strategies
Gather information which is then used to better identify,
understand and protect against threats.
Divert hackers from productive systems
Study
A honeypot is a security resource whose value lies in being probed, attacked or compromised.
A honeypot is a resource which pretends to be a real target. A honeypot is
expected to be attacked or compromised. The main goals are the distraction of an
attacker and the gain of information about an attacker, his methods and tools.
Study cont.
In this section we will discuss the criteria which will be used to evaluate different
types of honeypots. We will come to these criteria by distilling the information from
the literature we found on the topic of honeypots.
A big difference between honeypots is the degree of control an attacker can get once he has compromised a honeypot. The more control an attacker can have, the more you can learn about his motives and techniques. This criterion will be used in the evaluation of the different types of honeypots.
Methodology
Honeypots fall into two categories by their degree of interaction:
- Low interaction: Low interaction honeypots are limited in their extent of interaction. They are actually emulators of services and operating systems, so attacker activity is limited to the level of emulation provided by the honeypot. This keeps the host operating system uncompromised. Logs of the attacker are kept on the host's file system, relatively safe from manipulation. The deployment and maintenance of these systems is simple and does not involve much risk. Unfortunately low interaction systems log only limited information and are designed to capture known activity. An attacker can detect a low interaction honeypot by executing a command that the emulation does not support.
- Examples: Specter, Honeyd and KFSensor.
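As an added example (not code from the slides or from Specter, Honeyd or KFSensor), the following Python sketch shows what "emulation of a service" means in practice: a fake shell that answers a fixed set of commands, keeps its log on the host side where the attacker cannot reach it, and for anything outside the emulated set both answers like a real shell would and flags the gap for the operator, since an unsupported command is exactly how a low interaction honeypot gives itself away. The banner, command table, port number and log file name are constructed for illustration.

```python
import json
import socketserver
import time

# Constructed banner: the emulation claims to be a real host.
BANNER = "Ubuntu 8.04 LTS\r\nlogin: "
PROMPT = "$ "

# The emulation only knows these commands; anything else is "unsupported".
# Replies are constructed strings, not output of a real system.
EMULATED_COMMANDS = {
    "uname -a": "Linux web01 2.6.24-19-server #1 SMP x86_64 GNU/Linux",
    "whoami": "root",
    "id": "uid=0(root) gid=0(root) groups=0(root)",
    "pwd": "/root",
    "ls": "bin  etc  home  var",
}


class EmulatedShell:
    """One attacker session: answers from the fixed command table and logs everything."""

    def __init__(self, source_ip, clock=time.time):
        self.source_ip = source_ip
        self.clock = clock
        self.log = []   # host-side record; the emulation never exposes it to the attacker

    def _record(self, command, supported):
        self.log.append({"ts": self.clock(), "src": self.source_ip,
                         "command": command, "supported": supported})

    def handle(self, command):
        """Return the emulated reply for one command line, or None to end the session."""
        command = command.strip()
        if command == "exit":
            self._record(command, True)
            return None
        if command in EMULATED_COMMANDS:
            self._record(command, True)
            return EMULATED_COMMANDS[command]
        # Unsupported command: the point at which a low interaction honeypot
        # reveals its limits. Reply like a shell would and flag it in the log so
        # the operator can see which commands the emulation is missing.
        self._record(command, False)
        name = command.split()[0] if command else ""
        return f"sh: {name}: command not found"

    def unsupported_commands(self):
        """Commands the emulation could not answer: the gaps an attacker could notice."""
        return [e["command"] for e in self.log if not e["supported"]]


def run_session(source_ip, commands, clock=time.time):
    """Feed command lines through a fresh emulated shell; returns (replies, log)."""
    shell = EmulatedShell(source_ip, clock)
    replies = []
    for line in commands:
        reply = shell.handle(line)
        if reply is None:
            break
        replies.append(reply)
    return replies, shell.log


class _Handler(socketserver.StreamRequestHandler):
    """Network front end: one emulated shell per TCP connection."""

    def handle(self):
        shell = EmulatedShell(self.client_address[0])
        self.wfile.write(BANNER.encode())
        self.rfile.readline()                      # accept any login name
        while True:
            self.wfile.write(PROMPT.encode())
            line = self.rfile.readline()
            if not line:
                break
            reply = shell.handle(line.decode(errors="replace"))
            if reply is None:
                break
            self.wfile.write((reply + "\r\n").encode())
        with open("honeypot.log", "a") as fh:      # host-side log file (constructed name)
            for entry in shell.log:
                fh.write(json.dumps(entry) + "\n")


if __name__ == "__main__":
    # Unprivileged port for the example; a deployment would use the service's real port.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2323), _Handler) as srv:
        srv.serve_forever()
```

The `unsupported_commands()` list doubles as a maintenance signal: every entry is a command the emulation answered with "command not found", so it is both something an attacker could use to spot the honeypot and the next thing to add to the emulation.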
Methodology cont.
Specter, low interaction honeypot software
- Next we will look into the deployment of a low interaction honeypot. McGrew et al. deployed the low interaction honeypot Specter ([GV06]). With this honeypot they tried to gather information on the network of Mississippi State University about the type and source of attacks, as well as the amount of time a machine can expect to be online before being attacked. They deployed the honeypot on the network behind the university's firewall and on an IP address outside of the university's firewall.
- The results of the research by McGrew et al. cover two situations: the honeypot behind the firewall and the honeypot directly connected to the internet. The results from the tests with the honeypot behind the firewall were not interesting: in the two-week period no activity was logged by the low interaction honeypots behind the firewall.
- More interesting were the results of the honeypots directly connected to the internet. In the first week the honeypot emulated a Solaris host; the first anomalous connection was observed 2 hours and 40 minutes after connecting to the internet. In the second week the honeypot emulated a Windows XP host, and the first anomalous connection was observed after 14 minutes. The Solaris honeypot logged an average of one attack every 1 hour and 26 minutes over a period of 7 days. The Windows XP honeypot was also logged for a period of 7 days and saw an average of one attack every 48 minutes. Most attacks on the Windows XP honeypot targeted the Microsoft IIS web server service.
Honeyd, low interaction honeypot framework
- Other research on low interaction honeypots has been done by Provos [PROV04], using the Honeyd framework. Attackers were limited to interacting with the honeypots only at the network level: rather than emulating every aspect of an operating system, Honeyd simulates only the network stack of a given operating system. The main reason for this approach is that an attacker never gains complete access to the system, even if he compromises a simulated service.
- With this approach it is still possible to capture connection and compromise attempts.
- High interaction: High interaction honeypots utilize actual operating systems rather than emulations like the low interaction honeypots. Because actual operating systems are used, the attacker gets a more realistic experience and we can gather more information about intended attacks. This makes high interaction honeypots very useful in situations where one wishes to capture details of vulnerabilities or exploits that are not yet known to the public. Such vulnerabilities or exploits are used only by the small number of attackers who discovered the vulnerability and wrote an exploit for it. It is very important to find and publicize these vulnerabilities quickly, so that system administrators can filter or work around the problems and vendors can develop and release software patches to fix them.
- High interaction honeypots also provide information on the motives, tools, and techniques of the attackers, which is another advantage of this type of honeypot. Other systems like firewall logs, IDS alerts, and low interaction honeypots can log a large number of attacks, but a large percentage of these attacks will not be interesting.
A generation II high interaction honeypot
- The most difficult issue with these honeypots is the provisions that must be made for data control and data capture. Because these systems are complete operating systems, if an attacker takes control of the system, appropriate measures must already have been taken to limit the attacker's ability to launch attacks from the honeypot. If attacks target other production machines, whether within the organization or outside it, the honeypot becomes a major liability. That is why some put a firewall in front of the high interaction honeypots which blocks all outbound connections. Such limitations can hinder the progress of the attacker, resulting in less informative data being captured, and can alert attackers to the possibility that they are being watched.
- McGrew et al. used "Generation II" techniques for data control ([HOG05]). This involves a machine separate from the honeypot acting as a layer 2 bridging firewall, called a "Honeywall". Outbound connections from the honeypot are restricted by this Honeywall. The Honeywall utilizes a special inline version of the Snort IDS to detect known attacks and either block or "mangle" them by modifying key elements of the attack so that it cannot succeed. The Honeywall also prevents the honeypot from making a significant contribution to denial-of-service attacks by limiting the bandwidth and the number of established connections of the honeypot.
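The connection and bandwidth limits described above, simulated in Python over a constructed connection log. This is an added example, not the slides' or the Honeynet Project's Honeywall code: the per-protocol connections-per-hour limits and the bytes-per-second cap are assumed values, the Snort inline signature matching and mangling is not modelled, and a real Honeywall enforces its limits in the bridging firewall rather than in Python. The point it demonstrates is the asymmetry of data control: inbound traffic is passed untouched so the honeypot can be attacked, while anything the honeypot itself initiates is counted and cut off.

```python
from collections import deque


class Connection:
    """One observed connection (or flow) crossing the Honeywall bridge."""

    def __init__(self, ts, src, dst, proto, nbytes):
        self.ts = float(ts)         # seconds
        self.src = src
        self.dst = dst
        self.proto = proto.lower()  # "tcp", "udp" or "icmp"
        self.nbytes = int(nbytes)


def parse_log(text):
    """Parse constructed 'ts src dst proto bytes' lines into Connection records."""
    return [Connection(*line.split()) for line in text.strip().splitlines() if line.strip()]


class OutboundPolicy:
    """Data control: cap what a compromised honeypot can send to the outside.

    Inbound traffic is never limited (the honeypot is supposed to be attacked).
    Outbound traffic from a honeypot address is counted against a per-protocol
    connections-per-hour limit and a bytes-per-second cap. A protocol with no
    configured limit gets no outbound connections at all. The default numbers
    are constructed for the example, not the Honeywall's own values.
    """

    def __init__(self, honeypots, conns_per_hour=None, bytes_per_second=10_000):
        self.honeypots = set(honeypots)
        self.conns_per_hour = conns_per_hour or {"tcp": 20, "udp": 20, "icmp": 50}
        self.bytes_per_second = bytes_per_second
        self._recent = {}   # (src, proto) -> deque of start times inside the last hour
        self._rate = {}     # src -> [current second, bytes sent in that second]

    def decide(self, c):
        """Return 'allow', 'block:conn-limit' or 'block:rate-limit' for one connection."""
        if c.src not in self.honeypots:
            return "allow"
        window = self._recent.setdefault((c.src, c.proto), deque())
        while window and c.ts - window[0] >= 3600:   # slide the one-hour window
            window.popleft()
        if len(window) >= self.conns_per_hour.get(c.proto, 0):
            return "block:conn-limit"
        rate = self._rate.setdefault(c.src, [int(c.ts), 0])
        if rate[0] != int(c.ts):
            rate[0], rate[1] = int(c.ts), 0
        if rate[1] + c.nbytes > self.bytes_per_second:
            return "block:rate-limit"
        window.append(c.ts)
        rate[1] += c.nbytes
        return "allow"

    def apply(self, conns):
        """Run the policy over a list of connections; returns (decisions, counts)."""
        decisions = [self.decide(c) for c in conns]
        counts = {}
        for d in decisions:
            counts[d] = counts.get(d, 0) + 1
        return decisions, counts


# Constructed log: 10.0.0.5 is the honeypot, 198.51.100.7 an external source,
# 203.0.113.9 a third party the compromised honeypot tries to reach.
SAMPLE_LOG = """
1000 198.51.100.7 10.0.0.5 tcp 420
1001 10.0.0.5 203.0.113.9 tcp 60
1002 10.0.0.5 203.0.113.9 tcp 60
1003 10.0.0.5 203.0.113.9 tcp 60
1004 10.0.0.5 203.0.113.9 tcp 60
1005.2 10.0.0.5 203.0.113.9 udp 6000
1005.7 10.0.0.5 203.0.113.9 udp 6000
"""


def demo():
    """Apply a tight policy (3 TCP connections per hour) to the sample log."""
    policy = OutboundPolicy({"10.0.0.5"}, conns_per_hour={"tcp": 3, "udp": 10, "icmp": 5})
    return policy.apply(parse_log(SAMPLE_LOG))
```

In the sample log the inbound connection passes, the fourth outbound TCP connection within the hour is dropped, and the second 6000-byte UDP burst in the same second trips the bandwidth cap; that is the trade-off the text describes, since a blocked outbound connection is also an attacker who may notice that something is interfering.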
File system changes on high interaction honeypots
- Recording file system changes on a high interaction honeypot gives some great opportunities for evidence reconstruction. For example, all the files created by an attacker once he compromised the system can be obtained, or a report can be generated of all the files altered by the attacker, together with the content of the alteration. Another possibility is to create a timeline containing the complete evolution of a set of files, or even of the entire file system. However, to make a complete evolution timeline of the entire file system, a local copy of the honeypot's original file system is needed for the evidence reconstruction.
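An added example (not from the slides) of the evidence reconstruction described above, in Python: it diffs a baseline snapshot of the honeypot's file system against later captures, reports created, altered and deleted files with the content of each alteration, and builds a timeline across captures. The snapshots are constructed in memory as path-to-content dictionaries; in practice the baseline is the local copy of the original file system the text calls for, and the later captures are taken from the honeypot.

```python
import difflib
import hashlib


def snapshot(files):
    """Turn a dict of path -> bytes into path -> (sha256 digest, content)."""
    return {p: (hashlib.sha256(c).hexdigest(), c) for p, c in files.items()}


def diff_snapshots(before, after):
    """Classify every path as created, altered or deleted between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "altered": sorted(p for p in set(before) & set(after) if before[p][0] != after[p][0]),
        "deleted": sorted(set(before) - set(after)),
    }


def alteration_report(before, after):
    """For each altered file: a unified diff for text, a digest note for binaries."""
    report = {}
    for p in diff_snapshots(before, after)["altered"]:
        old, new = before[p][1], after[p][1]
        try:
            diff = difflib.unified_diff(
                old.decode().splitlines(keepends=True),
                new.decode().splitlines(keepends=True),
                fromfile="baseline" + p, tofile="honeypot" + p)
            report[p] = "".join(diff)
        except UnicodeDecodeError:
            report[p] = f"binary change {before[p][0][:12]} -> {after[p][0][:12]}"
    return report


def timeline(captures):
    """Chronological (ts, action, path) events; captures[0] must be the clean baseline."""
    events = []
    prev = captures[0][1]
    for ts, snap in captures[1:]:
        changes = diff_snapshots(prev, snap)
        for action in ("created", "altered", "deleted"):
            events.extend((ts, action, p) for p in changes[action])
        prev = snap
    return events


def history_of(captures, path):
    """Evolution of one file across captures: (ts, digest), with None while it is absent."""
    return [(ts, snap[path][0] if path in snap else None) for ts, snap in captures]


# Constructed captures: a clean baseline, then two later states of the honeypot.
BASELINE = snapshot({
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/var/log/auth.log": b"Accepted password for admin from 10.0.0.2\n",
})
CAPTURE_1 = snapshot({
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nbackup:x:1001:1001::/var/backups:/bin/sh\n",
    "/var/log/auth.log": b"",                       # log emptied
    "/tmp/.x/run": b"\x7fELF\x02\x01\x01\x00\xff",  # dropped binary (not valid UTF-8)
})
CAPTURE_2 = snapshot({
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nbackup:x:1001:1001::/var/backups:/bin/sh\n",
    "/var/log/auth.log": b"",
})
CAPTURES = [(0, BASELINE), (60, CAPTURE_1), (120, CAPTURE_2)]
```

Digests rather than contents drive the comparison, so the same functions work against captures that store only hashes for large binaries; the unified diff is produced only where both versions decode as text, which is where "the content of the alteration" is meaningful.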
Virtual Honeypots
- In the previous section we talked about high interaction honeypots. When you want to deploy a complete honeynet with high interaction honeypots running different operating systems, this can become quite expensive, because you will need a physical machine for every honeypot. Today, server virtualization is emerging as one of the most popular options for reducing costs ([ITB06]). Virtualization also offers some other useful possibilities for honeypots, which is why virtual machines are becoming more common as honeypots. Software used for the virtualization includes VMware ([VM06]), User Mode Linux ([UML06]), and Microsoft's Virtual PC ([MSV06]).
- One of the advantages of using virtual servers is that they are easy to fix and isolate, and that you can emulate several systems on a single machine. Numbers like two or three virtual systems per physical machine are very common. This makes it possible to create a complete honeynet on one physical machine: a virtual honeynet.
- The Honeynet Project defines two types of virtual honeynets, self-contained and hybrid ([HOV03]). A self-contained virtual honeynet is an entire honeynet network on a single machine, see figure 1. This means that both the Honeywall and the honeypots are on the same machine. This also brings a risk: if an attacker somehow discovered the host machine and compromised it, your complete honeynet would be useless. So you have a single point of failure; if something goes wrong with the hardware, for example, your whole honeynet will be down.
Figure 1. A self-contained virtual honeynet setup
- The other type is the hybrid virtual honeynet. In a hybrid virtual honeynet the Honeywall is a separate machine, illustrated in figure 2, and all the honeypots are running on one machine using virtualization. This solution is more secure, because an attacker could at most reach the other honeypots on the virtualization host; the Honeywall remains safe on a separate machine. But this also makes the solution less portable than a self-contained virtual honeynet.
Figure 2. A hybrid virtual honeynet setup
Examples of honeypots
Examples of freeware honeypots include:
1. Deception Toolkit (http://www.all.net/dtk/index.html): DTK was the first open source honeypot, released in 1997. It is a collection of Perl scripts and C source code that emulates a variety of listening services. Its primary purpose is to deceive human attackers.
2. LaBrea (http://labrea.sourceforge.net/labrea-info.html): This is designed to slow down or stop attacks by acting as a "sticky" honeypot to detect and trap worms and other malicious code. It can run on Windows or Unix.
3. Honeywall CDROM (http://www.honeynet.org/tools/cdrom): The Honeywall CDROM is a bootable CD with a collection of open source software. It makes honeynet deployments simple and effective by automating the process of deploying a honeynet gateway known as a Honeywall. It can capture, control and analyse all inbound and outbound honeynet activity.
4. Honeyd (http://www.honeyd.org/): This is a powerful, low-interaction open source honeypot, and can be run on both UNIX-like and Windows platforms. It can monitor unused IPs, simulate operating systems at the TCP/IP stack level, simulate thousands of virtual hosts at the same time, and monitor all UDP and TCP based ports.
5. Honeytrap: This is a low-interaction honeypot developed to observe attacks against network services. It helps administrators to collect information regarding known or unknown network-based attacks.
6. HoneyC: This is an example of a client honeypot that initiates connections to a server, aiming to find malicious servers on a network. It aims to identify malicious web servers by using emulated clients that are able to solicit the type of response from a server that is necessary for analysis of malicious content.
7. HoneyMole: This is a tool for the deployment of honeypot farms, or distributed honeypots, that transports network traffic to a central honeypot point where data collection and analysis can be undertaken.
Conclusion
- A valuable resource
- Meant to be compromised
- Gains information about attackers and their strategies
- Needs tight supervision
A honeypot is primarily a research tool, but it also has real commercial applications. By placing a honeypot on an IP address adjacent to the company's web or mail server, you can learn which attacks that server is subjected to. A honeypot also reduces the data to be analyzed: on a normal website or mail server, attack traffic is usually drowned out by legitimate traffic, whereas a honeypot sees no legitimate traffic, so browsing the data to identify the actual behavior of the attacker is much easier.
References
[DVK+06] P. Defibaugh-Chavez, R. Veeraghattam, M. Kannappa, S. Mukkamala, A. H. Sung, "Network-Based Detection of Virtual Environments and Low Interaction Honeypots", in 2006 IEEE Information Assurance Workshop, pages 283-289, IEEE, 2006.
[GV06] R. McGrew, R. B. Vaughn, "Experiences With Honeypot Systems: Development, Deployment, and Analysis", in System Sciences, 2006. Proceedings of the 39th Annual Hawaii International Conference, pages 220a-220a, IEEE, 2006.
[HOG05] The Honeynet Project, "Know Your Enemy: GenII Honeynets", http://www.honeynet.nl/papers/gen2/index.html (07-12-2006), The Honeynet Project, 2005.
[Hon06] The Honeynet Project, "Know Your Enemy: Honeynets", http://www.honeynet.nl/papers/honeynet/index.html (3-10-2006), The Honeynet Project, 2006.
Thank You…

 

honey pots introduction and its types

  • 2. Objectives This case study covers the different types of honeypots and evaluates them, including low interaction and high interaction honeypots.
  • 3. Abstract This case study presents an evaluation of honeypots used for gathering information about the methods used by attackers to compromise a host. Honeypots are an important utility for learning more about attackers. There are several types of honeypots which can be used for gathering information about the tools and methods used by attackers to compromise a server. This paper will evaluate these honeypots. The focus will be on virtual honeypots, because they are a rather new concept. We will compare them to the other types of honeypots to find out whether the information gathered from virtual honeypots is just as useful as that from the other honeypots. We will see that virtual honeypots offer even more possibilities than low interaction and high interaction honeypots.
  • 4. Introduction
    Countermeasure to detect or prevent attacks
    Know attack strategies
    Gather information which is then used to better identify, understand and protect against threats
    Divert hackers from productive systems
  • 5. Study A honeypot is a security resource whose value lies in being probed, attacked or compromised. A honeypot is a resource which pretends to be a real target and is expected to be attacked or compromised. The main goals are to distract an attacker and to gain information about the attacker, his methods and tools.
  • 6. Study cont. In this section we discuss the criteria used to evaluate the different types of honeypots. We arrive at these criteria by distilling the information from the literature we found on the topic of honeypots. A big difference between honeypots is the degree of control an attacker can get once he has compromised a honeypot. The more control an attacker can have, the more you can learn about his motives and techniques. This criterion will be used in the evaluation of the different types of honeypots.
  • 7. Methodology Two categories of honeypots:
    Low Interaction - Low interaction honeypots are limited in their extent of interaction. They are actually emulators of services and operating systems, so attacker activity is limited to the level of emulation provided by the honeypot. This keeps the host operating system uncompromised. Logs of the attacker are kept on the host's file system, relatively safe from manipulation. Deployment and maintenance of these systems are simple and do not involve much risk. Unfortunately, low interaction systems log only limited information and are designed to capture known activity. An attacker can detect a low interaction honeypot by executing a command that the emulation does not support.
    E.g. Specter, Honeyd and KFSensor.
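As an added illustration (not code from the presentation or from any of the tools it names), a tiny low interaction emulator in Python: it answers a few FTP-style commands, appends every request to a log on the host, and records the verbs it could not emulate, which is exactly the gap the slide says gives such honeypots away. The command table, log path and peer address are assumptions.

```python
import datetime
import json

# Added example, not from the presentation: a minimal low interaction
# "service emulator". It understands only a handful of FTP-style commands,
# answers everything else with a generic error, and appends every line the
# client sends to a log file on the host, outside the emulated service.
SUPPORTED = {
    "USER": "331 Password required",
    "PASS": "530 Login incorrect",        # the emulation never grants a login
    "SYST": "215 UNIX Type: L8",
    "QUIT": "221 Goodbye",
}
UNSUPPORTED_REPLY = "500 Command not understood"


class EmulatedFtpService:
    """Emulates the command surface of an FTP server without implementing it."""

    def __init__(self, log_path):
        self.log_path = log_path      # kept on the host's file system
        self.unsupported = []         # verbs the emulation could not answer

    def handle(self, peer, line):
        """Return the emulated reply for one client line and log the exchange."""
        verb = line.strip().split(" ", 1)[0].upper()
        reply = SUPPORTED.get(verb, UNSUPPORTED_REPLY)
        if verb not in SUPPORTED:
            self.unsupported.append(verb)   # the gap an attacker could notice
        record = {
            "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "peer": peer,
            "request": line.strip(),
            "reply": reply,
            "emulated": verb in SUPPORTED,
        }
        with open(self.log_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(record) + "\n")
        return reply


def replay_session(log_path, peer, lines):
    """Feed one client session through the emulator; returns (replies, gaps)."""
    svc = EmulatedFtpService(log_path)
    replies = [svc.handle(peer, line) for line in lines]
    return replies, svc.unsupported


if __name__ == "__main__":
    # Constructed sample session; 203.0.113.5 is a documentation address.
    session = ["USER anonymous", "PASS guest@", "SYST", "MLSD", "QUIT"]
    replies, gaps = replay_session("/tmp/honeypot-ftp.jsonl", "203.0.113.5", session)
    for req, rep in zip(session, replies):
        print(f"{req:16} -> {rep}")
    print("verbs the emulation could not answer:", gaps)
```

The list of unanswered verbs tells the operator where the emulation is thin and should be extended before a real deployment.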
  • 8. Methodology cont. Specter, low interaction honeypot software
    Next we look into the deployment of a low interaction honeypot. McGrew et al. deployed the low interaction honeypot Specter ([GV06]). With this honeypot they tried to gather information on the network of the Mississippi State University about the type and source of attacks, as well as the amount of time a machine can expect to be online before being attacked. They deployed the honeypot on the network behind the university's firewall and on an IP address outside of the university's firewall.
    The results of this research cover two situations: the honeypot behind the firewall and the honeypot directly connected to the internet. The results from the tests with the honeypot behind the firewall were not interesting: in the two-week period no activity was logged by the low interaction honeypots behind the firewall.
    More interesting were the results of the honeypots directly connected to the internet. In the first week the honeypot emulated a Solaris host; the first anomalous connection was observed 2 hours and 40 minutes after connecting to the internet. In the second week the honeypot emulated a Windows XP host; after 14 minutes the first anomalous connection was observed. The Solaris honeypot logged an average of one attack every 1 hour and 26 minutes over a period of 7 days. The Windows XP honeypot also logged for a period of 7 days and had an average of one attack every 48 minutes. Most attacks on the Windows XP honeypot were on the Microsoft IIS web server service.
  • 9. Honeyd, low interaction honeypot framework
    Another study of low interaction honeypots was done by Provos [PROV04], using the Honeyd framework. They limited attackers to interacting with their honeypots only at the network level. They did not emulate every aspect of an operating system; instead they chose to simulate only the network stack of a certain operating system. The main reason for this approach is that an attacker never gains complete access to the system, even if he compromises a simulated service.
    With this approach they are still able to capture connection and compromise attempts.
  • 10. High Interaction - High interaction honeypots utilize actual operating systems rather than emulations like the low interaction honeypots. Because actual operating systems are utilized, the attacker gets a more realistic experience and we can gather more information about intended attacks. This makes high interaction honeypots very useful in situations where one wishes to capture details of vulnerabilities or exploits that are not yet known to the public. Such vulnerabilities or exploits are used only by the small number of attackers who discovered the vulnerability and wrote an exploit for it. It is very important to find and publicize these vulnerabilities quickly, so that system administrators can filter or work around these problems and vendors can develop and release software patches to fix them.
    High interaction honeypots provide information on the motives, tools, and techniques of the attackers. This is another advantage of this type of honeypot. Other systems like firewall logs, IDS alerts, and low interaction honeypots can log a large number of attacks, but a large percentage of these attacks will effectively not be interesting.
  • 11. A generation II high interaction honeypot
    The most difficult issue with these honeypots is the provision that must be made for data control and data capture. Because these systems are complete operating systems, if an attacker takes control of the system, appropriate measures must already have been taken to limit the attacker's ability to launch attacks from the honeypot. If attacks target other production machines, whether within or outside the organization, the honeypot becomes a major liability. That is why some put a firewall in front of high interaction honeypots which blocks all outbound connections. These limitations can hinder the progress of the attacker, resulting in less informative data being captured and potentially alerting attackers to the possibility that they are being watched.
    McGrew et al. used "Generation II" techniques for data control ([HOG05]). This involves a machine separate from the honeypot acting as a layer 2 bridging firewall, called a "Honeywall". Outbound connections from the honeypot are restricted by this Honeywall. The Honeywall utilizes a special in-line version of the Snort IDS to detect known attacks and either block or "mangle" them by modifying key elements of the attack to prevent them from being successful. The Honeywall prevents the honeypot from being used as a significant contributor to denial-of-service attacks by limiting the bandwidth and the number of established connections of the honeypot.
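An added example, not from the presentation or from the Honeynet Project's Honeywall: the connection-count part of GenII data control as a small Python policy run over a constructed outbound connection log. The log format, the limit of five connections per hour and the addresses are assumptions; bandwidth limiting and the in-line Snort mangling are not modelled.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample of outbound connection attempts seen by the Honeywall
# (not real data); 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
2006-12-07T10:00:05 honeypot-1 -> 198.51.100.7:80
2006-12-07T10:00:09 honeypot-1 -> 198.51.100.7:80
2006-12-07T10:00:14 honeypot-1 -> 203.0.113.20:6667
2006-12-07T10:00:20 honeypot-1 -> 198.51.100.8:80
2006-12-07T10:00:31 honeypot-1 -> 198.51.100.9:80
2006-12-07T10:00:33 honeypot-1 -> 198.51.100.10:80
2006-12-07T10:01:02 honeypot-1 -> 198.51.100.11:80
2006-12-07T12:30:00 honeypot-1 -> 198.51.100.7:80
"""


class HoneywallOutboundPolicy:
    """Connection-limiting half of GenII data control for one honeypot: allow at
    most max_conns outbound connections per rolling hour and drop the rest."""

    def __init__(self, max_conns):
        self.max_conns = max_conns
        self.window = deque()   # timestamps of allowed connections, oldest first
        self.alerts = []        # (timestamp, destination) of dropped attempts

    def decide(self, ts, dst):
        """Return "allow" or "drop" for one outbound connection attempt at ts."""
        while self.window and ts - self.window[0] >= timedelta(hours=1):
            self.window.popleft()           # slide the one-hour window forward
        if len(self.window) >= self.max_conns:
            self.alerts.append((ts, dst))   # the operator should look at this
            return "drop"
        self.window.append(ts)
        return "allow"


def run_policy(log_text, max_conns=5):
    """Apply the policy to each log line; returns ([(ts, dst, verdict)], alerts)."""
    policy = HoneywallOutboundPolicy(max_conns)
    decisions = []
    for line in log_text.splitlines():
        ts, _src, _arrow, dst = line.split()
        verdict = policy.decide(datetime.fromisoformat(ts), dst)
        decisions.append((ts, dst, verdict))
    return decisions, policy.alerts


if __name__ == "__main__":
    decisions, alerts = run_policy(SAMPLE_LOG)
    for ts, dst, verdict in decisions:
        print(f"{ts} {dst:20} {verdict}")
    print(f"{len(alerts)} outbound attempts dropped by the Honeywall")
```

On the sample the first five attempts pass, the sixth and seventh are dropped, and the attempt two and a half hours later is allowed again because the window has emptied.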
  • 12. File system changes on high interaction honeypots
    Tracking changes to the file system gives some great opportunities for evidence reconstruction: for example, obtaining all the files created by an attacker once he compromised the system, or generating a report of all the files altered by the attacker, with the content of the alteration. Another possibility is to create a timeline containing the complete evolution of a set of files or even the entire file system. However, to make a complete evolution timeline of the entire file system, a local copy of the honeypot's original file system is needed for the evidence reconstruction.
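The snapshot-and-compare reconstruction the slide describes, as an added Python example that is not from the presentation: a baseline map of the honeypot's file system is taken first, and comparing it with a later snapshot yields the created, altered and deleted files plus a timeline. The demo builds a constructed directory tree in a temporary folder, so the paths, contents and the simulated intrusion are all made up.

```python
import hashlib
import os
import tempfile
import time

# Added example, not from the presentation: evidence reconstruction from file
# system snapshots. demo() builds a constructed tree; nothing is real honeypot data.

def _write(root, rel, text):
    """Create or overwrite a file under root, creating parent directories."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def snapshot(root):
    """Map every file under root to (sha256, mtime). The local copy of the
    honeypot's original file system the slide calls for is such a baseline."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (digest, os.path.getmtime(path))
    return snap

def reconstruct(baseline, current):
    """Files created, altered or deleted since the baseline, plus a timeline
    (mtime, path, change) of the created and altered files."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    altered = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p][0] != current[p][0])
    timeline = sorted((current[p][1], p, "created" if p in created else "altered")
                      for p in created + altered)
    return {"created": created, "altered": altered,
            "deleted": deleted, "timeline": timeline}

def demo():
    """Take a baseline, then simulate an intruder dropping a file, defacing
    the login banner and wiping a log; return the reconstruction report."""
    root = tempfile.mkdtemp(prefix="honeypot-fs-")
    _write(root, "etc/motd", "Welcome to web01\n")
    _write(root, "var/log/auth.log", "Accepted password for admin\n")
    baseline = snapshot(root)
    time.sleep(0.02)                       # keep mtimes distinguishable
    _write(root, "tmp/.hidden/tool", "constructed placeholder, not a binary\n")
    time.sleep(0.02)
    _write(root, "etc/motd", "owned\n")
    os.remove(os.path.join(root, "var/log/auth.log"))
    return reconstruct(baseline, snapshot(root))

if __name__ == "__main__":
    report = demo()
    for key in ("created", "altered", "deleted", "timeline"):
        print(f"{key:8}: {report[key]}")
```

Keeping the baseline's file contents (not just hashes) is what lets the report also show the content of each alteration, which this example leaves out.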
  • 13. Virtual Honeypots
    In the previous section we talked about high interaction honeypots. When you want to deploy a complete honeynet with high interaction honeypots running different operating systems, this can become quite expensive, because you will need a physical machine for every honeypot. Today, server virtualization is emerging as one of the most popular options for reducing costs ([ITB06]). Virtualization also offers some other useful possibilities for honeypots, which is why virtual machines are becoming more common as honeypots. Software used for the virtualization includes VMware ([VM06]), User Mode Linux ([UML06]), and Microsoft's Virtual PC ([MSV06]).
    One of the advantages of using virtual servers is that they are easy to fix and isolate, and that you can emulate several systems on a single machine. Numbers like two or three virtual systems per physical machine are very common. This makes it possible to create a complete honeynet on one physical machine: a virtual honeynet.
  • 14. The Honeynet Project defines two types of virtual honeynets, self-contained and hybrid ([HOV03]). A self-contained virtual honeynet is an entire honeynet network on a single machine, see figure 1. This means that both the Honeywall and the honeypots are on the same machine. This also brings a risk: if an attacker somehow discovered the host machine and compromised it, your complete honeynet would be useless. So you have a single point of failure; if something goes wrong with the hardware, for example, your whole honeynet will be down.
    Figure 1. A self-contained virtual honeynet setup
  • 15. The second type is the hybrid virtual honeynet. With a hybrid virtual honeynet, the Honeywall is a separate machine, as illustrated in figure 2. All the honeypots are running on the same machine using virtualization. This solution is more secure, because the attacker could only access the other honeypots on the virtual machine; the Honeywall will be safe on a separate machine. But this also makes the solution less portable than a self-contained virtual honeynet.
    Figure 2. A hybrid virtual honeynet setup
  • 16. Examples of honeypots
    Examples of freeware honeypots include:
    1. Deception Toolkit (http://www.all.net/dtk/index.html): DTK was the first Open Source honeypot, released in 1997. It is a collection of Perl scripts and C source code that emulates a variety of listening services. Its primary purpose is to deceive human attackers.
    2. LaBrea (http://labrea.sourceforge.net/labrea-info.html): This is designed to slow down or stop attacks by acting as a sticky honeypot to detect and trap worms and other malicious code. It can run on Windows or Unix.
    3. Honeywall CDROM (http://www.honeynet.org/tools/cdrom): The Honeywall CDROM is a bootable CD with a collection of open source software. It makes honeynet deployments simple and effective by automating the process of deploying a honeynet gateway known as a Honeywall. It can capture, control and analyse all inbound and outbound honeynet activity.
    4. Honeyd (http://www.honeyd.org/): This is a powerful, low-interaction Open Source honeypot, and can be run on both UNIX-like and Windows platforms. It can monitor unused IPs, simulate operating systems at the TCP/IP stack level, simulate thousands of virtual hosts at the same time, and monitor all UDP and TCP based ports.
  • 17. Examples of honeypots cont.
    5. Honeytrap: This is a low-interaction honeypot developed to observe attacks against network services. It helps administrators to collect information regarding known or unknown network-based attacks.
  • 18. Examples of honeypots cont.
    6. HoneyC: This is an example of a client honeypot that initiates connections to a server, aiming to find malicious servers on a network. It aims to identify malicious web servers by using emulated clients that are able to solicit the type of response from a server that is necessary for analysis of malicious content.
    7. HoneyMole: This is a tool for the deployment of honeypot farms, or distributed honeypots, that transports network traffic to a central honeypot point where data collection and analysis can be undertaken.
  • 19. Conclusion
    A valuable resource to be compromised
    Gains info about attackers and their strategies
    Need for tight supervision
    A honeypot is primarily a research tool, but it also has real commercial applications. A honeypot placed on an IP address adjacent to the company's web or mail server lets you see the attacks that server is subjected to and reduces the data to be analyzed. For the usual website or mail server, attack traffic is usually overwhelmed by legitimate traffic, so browsing the honeypot's data to identify the actual behaviour of the attacker is much easier.
  • 20. References
    [DVK+06] P. Defibaugh-Chavez, R. Veeraghattam, M. Kannappa, S. Mukkamala, A. H. Sung, "Network Based Detection of Virtual Environments and Low Interaction Honeypots", in 2006 IEEE Information Assurance Workshop, pages 283-289, IEEE, 2006.
    [GV06] R. McGrew, R. B. Vaughn, "Experiences With Honeypot Systems: Development, Deployment, and Analysis", System Sciences, 2006. Proceedings of the 39th Annual Hawaii International Conference, pages 220a-220a, IEEE, 2006.
    [HOG05] The Honeynet Project, "Know Your Enemy: GenII Honeynets", http://www.honeynet.nl/papers/gen2/index.html (07-12-2006), The Honeynet Project, 2005.
    [Hon06] The Honeynet Project, "Know Your Enemy: Honeynets", http://www.honeynet.nl/papers/honeynet/index.html (3-10-2006), The Honeynet Project, 2006.