Re: Honeyclients info

[David Jiménez Domínguez <djdsecurity () gmail com>]

Hi Kathy!!

As I can see, is like looking for attacks  from HTTP, FTP, DNS
servers..... (If I'm not wrong)

but, does the idea is to do the scan by itself (like a spider) or
while I'm using my web browser?

Is it going to report the events to a centralized sever... (may be a
honeyserver)?

It looks like a interesting idea... just like dinamic honeypots....



2005/4/20, Kathy Wang <knwang () synacklabs net>:
> Hi David,
>
> Saw your message, and thought I should respond...
>
> I first came up with the concept of honeyclients back in November
> of last year, as a way to detect new attacks. As great as the honeypot
> technology is, I consider it to be a passive device. This means it
> sits on the network, and waits. Many users nowadays are experiencing
> attacks from malicious servers, and existing honeypots cannot detect
> these types of attacks.
>
> Honeyclients are the opposite of honeypots. The purpose of a honeyclient
> is to go out and hit servers, thus looking for bad stuff. These servers
> can serve HTTP or other services such as DNS, FTP, P2P, etc.
>
> I wrote a whitepaper last year about the types of attacks that can be
> detected using honeyclients, and plan on releasing a honeyclient tool
> at RECON. Unfortunately, I cannot release the whitepaper at this time.
> The honeyclient will be a BSD-licensed HTTP honeyclient, so you'll be
> able to try it out for yourself, shortly.
>
> Kathy
>
> On Wed, Apr 20, 2005 at 01:09:39PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
> > Hi folks!!!
> >
> > Do you know what a honeyclient is??
> >
> > What is the difference between a high-interaction honeypot and a honeyclient?
> >
> > Do yo have docs about it?
> >
> > In Recon 2005 there is a speaker (Kathy Wang) who is going to speak
> > about it, but I'm not going to be there.... I have seen that some
> > honetnet projects are moving to this kind of technology.... but what
> > is it?
> >
> > ------------------
> > David.