Honeypots mailing list archives

Honeyd Techreport


From: Niels Provos <provos () citi umich edu>
Date: Tue, 4 Nov 2003 13:32:08 -0500

Hi,

A new CITI Techreport 

  A Virtual Honeypot Framework
  http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf

is available now.

The tech report describes the design and implementation of Honeyd in
detail and explains how Honeyd can be used in various areas of system
security, for example to combat worms or to prevent spam.  It shows
simulations on how active immunization of infected hosts via Honeyd
honeypots can decrease and stop the spread of worms.

This paper is fairly technical but should give anyone who is
interested in understanding how Honeyd works a good reference.
You can find more information at

  http://www.citi.umich.edu/u/provos/honeyd/
  http://www.honeyd.org/

I plan on releasing a new Honeyd version this month.  It is going to
have a whole bunch of very nice new features.  Some of them are

 - Passive Fingerprinting:  This allows Honeyd to detect which
   operating system a host is using when talking to Honeyd.

 - Tarpit: A simple flag in the configuration can turn any TCP
   port into a very slow tarpit.

 - Dynamic Templates:  Honeyd can choose how to present itself
   to a remote host based on several conditions.  For example,
   you could present Windows services to a Windows host and
   Unix services to a Unix host.  You can make certain hosts be
   reachable only during business hours, etc...

There is going to be at least one other new feature that is going
to be really exciting :-)

Niels.

