Honeypots mailing list archives
Re: Question
From: Lance Spitzner <lance () honeynet org>
Date: Mon, 18 Aug 2003 10:38:29 -0500 (CDT)
On Mon, 18 Aug 2003 Motayyam79 () aol com wrote:
I have a query. Can anyone tell me the difference between low interaction honeypots and middle interaction honeypots? I am finding it confusing to distinguish between the two. do they both emulate network services? are they both software running on operating systems?
Hmm, I'm beginning to think the concept of 'medium' or 'middle' interaction may be a bad term. It may be better to just think in terms of 'low' interaction and 'high' interaction. Low interaction being emulated (Specter, KFSensor, Tiny Honeypot), high interaction being real systems or applications (ManTrap, Honeynets). You could use the term 'medium' interaction where the lines blur. For example, a chroot'd environment or FreeBSD jail, where you create a controlled environment that is a subset of a real one. Another example is Honeyd's subsystem command, which gives an attacker real applications to interact with. That is my impression of what 'medium' is. I'm not sure if the term helps one understand honeypot capabilities better, or just makes it more confusing. lance
Current thread:
- Question Motayyam79 (Aug 18)
- Re: Question Richard Stevens (Aug 18)
- Re: Question Lance Spitzner (Aug 18)
- Re: Question Tom Wright (Aug 19)
- RE: Question Faiz Ahmad Shuja (Aug 18)
- <Possible follow-ups>
- question Motayyam79 (Aug 21)
- Re: question Sam Varughese (Aug 21)
- RE: question Faiz Ahmad Shuja (Aug 21)
- RE: question Sergey V. Gordeychik (Aug 21)
- question Motayyam79 (Sep 01)
- Re: question Valdis . Kletnieks (Sep 01)
- RE: question Nick Duda (Sep 01)