Re: Honeyclients info

[Kathy Wang <knwang () synacklabs net>]

Hi David,

On Wed, Apr 20, 2005 at 07:20:35PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
> Hi Kathy!!
>
> As I can see, is like looking for attacks  from HTTP, FTP, DNS
> servers..... (If I'm not wrong)

Yes, you're correct here.

> but, does the idea is to do the scan by itself (like a spider) or
> while I'm using my web browser?

While you could do it either way, I'm implementing mine as a spider.
 
> Is it going to report the events to a centralized sever... (may be a
> honeyserver)?

Right now, there is no centralized server, but it could certainly
be done that way.

> It looks like a interesting idea... just like dinamic honeypots....

Thanks, and I'm looking forward to seeing what you think when it
is released.

Kathy

> 2005/4/20, Kathy Wang <knwang () synacklabs net>:
> > Hi David,
> >
> > Saw your message, and thought I should respond...
> >
> > I first came up with the concept of honeyclients back in November
> > of last year, as a way to detect new attacks. As great as the honeypot
> > technology is, I consider it to be a passive device. This means it
> > sits on the network, and waits. Many users nowadays are experiencing
> > attacks from malicious servers, and existing honeypots cannot detect
> > these types of attacks.
> >
> > Honeyclients are the opposite of honeypots. The purpose of a honeyclient
> > is to go out and hit servers, thus looking for bad stuff. These servers
> > can serve HTTP or other services such as DNS, FTP, P2P, etc.
> >
> > I wrote a whitepaper last year about the types of attacks that can be
> > detected using honeyclients, and plan on releasing a honeyclient tool
> > at RECON. Unfortunately, I cannot release the whitepaper at this time.
> > The honeyclient will be a BSD-licensed HTTP honeyclient, so you'll be
> > able to try it out for yourself, shortly.
> >
> > Kathy
> >
> > On Wed, Apr 20, 2005 at 01:09:39PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
> > > Hi folks!!!
> > >
> > > Do you know what a honeyclient is??
> > >
> > > What is the difference between a high-interaction honeypot and a honeyclient?
> > >
> > > Do yo have docs about it?
> > >
> > > In Recon 2005 there is a speaker (Kathy Wang) who is going to speak
> > > about it, but I'm not going to be there.... I have seen that some
> > > honetnet projects are moving to this kind of technology.... but what
> > > is it?
> > >
> > > ------------------
> > > David.