Honeypots mailing list archives
Honeyd Techreport
From: Niels Provos <provos () citi umich edu>
Date: Tue, 4 Nov 2003 13:32:08 -0500
Hi,

A new CITI Techreport

  A Virtual Honeypot Framework
  http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf

is available now. The tech report describes the design and implementation of Honeyd in detail and explains how Honeyd can be used in various areas of system security, for example to combat worms or to prevent spam. It shows simulations on how active immunization of infected hosts via Honeyd honeypots can decrease and stop the spread of worms. This paper is fairly technical but should give anyone who is interested in understanding how Honeyd works a good reference.

You can find more information at

  http://www.citi.umich.edu/u/provos/honeyd/
  http://www.honeyd.org/

I plan on releasing a new Honeyd version this month. It is going to have a whole bunch of very nice new features. Some of them are

- Passive Fingerprinting: This allows Honeyd to detect which operating system a host is using when talking to Honeyd.
- Tarpit: A simple flag in the configuration can turn any TCP port into a very slow tarpit.
- Dynamic Templates: Honeyd can choose how to present itself to a remote host based on several conditions. For example, you could present Windows services to a Windows host and Unix services to a Unix host. You can make certain hosts be reachable only during business hours, etc...

There is going to be at least one other new feature that is going to be really exciting :-)

Niels.