Honeypots mailing list archives

Re: Question

From: Lance Spitzner <lance () honeynet org>
Date: Mon, 18 Aug 2003 10:38:29 -0500 (CDT)

On Mon, 18 Aug 2003 Motayyam79 () aol com wrote:

I have a query. Can anyone tell me the difference between low interaction honeypots and middle interaction honeypots? 
I am finding it confusing to distinguish between the two. do they both emulate network services? are they both 
software running on operating systems?


Hmm, I'm beginning to think the concept of 'medium' or 'middle'
interaction may be a bad term.  It may be better to just think in
terms of 'low' interaction and 'high' interaction.  Low interaction
being emulated (Specter, KFSensor, Tiny Honeypot), high interaction 
being real systems or applications (ManTrap, Honeynets).

You could use the term 'medium' interaction where the lines blur.  For 
example, a chroot'd environment or FreeBSD jail, where you create a
controlled environment that is a subset of a real one.  Another example is 
Honeyd's subsystem command, which gives an attacker real applications to 
interact with.  That is my impression of what 'medium' is.  I'm not
sure if the term helps one understand honeypot capabilities better, or 
just makes it more confusing.

lance

Current thread:

Question Motayyam79 (Aug 18)
- Re: Question Richard Stevens (Aug 18)
- Re: Question Lance Spitzner (Aug 18)
  - Re: Question Tom Wright (Aug 19)
- RE: Question Faiz Ahmad Shuja (Aug 18)
- <Possible follow-ups>
- question Motayyam79 (Aug 21)
  - Re: question Sam Varughese (Aug 21)
  - RE: question Faiz Ahmad Shuja (Aug 21)
- RE: question Sergey V. Gordeychik (Aug 21)
- question Motayyam79 (Sep 01)
  - Re: question Valdis . Kletnieks (Sep 01)
- RE: question Nick Duda (Sep 01)