
Fun Things To Do With Your Honeypot System 136

An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.'" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want is for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."

  • What is Honeypot (Score:3, Informative)

    by in2mind ( 988476 ) on Sunday July 30, 2006 @02:31PM (#15812329) Homepage
    For those who don't know what a honeypot is: [From Wikipedia.]

    ____________________________________________
    Honeypot is literally the term for a container of honey but is used in several different ways, often playing off the image of sweetness being used as a lure:

    * A computer system set up as a trap for attackers; see Honeypot (computing)
    * Traps designed to catch conventional criminals; see honey trap

  • Re:What is Honeypot (Score:2, Informative)

    by portmapper ( 991533 ) on Sunday July 30, 2006 @02:40PM (#15812380)
    A honey trap is fun to prepare, but beware of actually being exploited. To limit damage, it will help to put a transparent firewall in front of the honeypot and start blocking (perhaps allow a few outbound connections, and then block). You don't want your owned honeypot as a base of attack, do you? The OpenBSD [openbsd.org] packet filter [openbsd.org] has the needed functionality using an OS that does not have a few local root kernel exploits a month.
  • by Anonymous Coward on Sunday July 30, 2006 @04:31PM (#15812946)
    I'm surprised a /.'er would recommend VMware, with XEN the clear winner in the honeypot niche. Just check out The Potemkin Honeyfarm [honeyblog.org] for more info... These guys are actually able to deploy an image in less than a second and do all sorts of whacky business to delude hackers into believing they're roaming the internet freely :-)
  • by Dryanta ( 978861 ) on Sunday July 30, 2006 @05:11PM (#15813154) Journal
    Make sure that everything rlogs to an append-only hardened blackbox with a high securelevel. Preferably obsd. Also, make sure you have banners that will hold up in court. A honeypot is not something to be viewed as 'extra work' for a network administrator, but ESSENTIAL when combined with a few IDS sensors. It is the way to keep on top of your overall network security, and gives you a few extra IP blocks to add to your overall firewall ruleset. If you are really lucky, you will bring down some asshat that tries to compromise the network you have spent all those hours configuring and hardening.
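
Added example, not part of the article or of any comment above: a pf.conf for an OpenBSD bridge placed in front of a honeypot, showing the "allow a few outbound connections, and then block" containment and keeping the path to a remote log host open after containment trips. Interface names, addresses, the log host and the limits are assumptions chosen for illustration.

```pf
# pf.conf for a filtering bridge in front of a honeypot (added example).
# All names, addresses and limits below are constructed assumptions.
ext_if   = "em0"           # bridge member facing the Internet
hp_if    = "em1"           # bridge member facing the honeypot
honeypot = "192.0.2.10"    # documentation-range address
loghost  = "192.0.2.20"    # hypothetical append-only syslog collector

# Filled by pf itself once the honeypot exceeds its outbound allowance.
table <hp_contained> persist

# On a bridge, filter on one member only so each packet is evaluated once.
set skip on lo
set skip on $ext_if

# Default deny, logged to pflog for later analysis.
block log all

# Log shipping must survive containment, so it is matched first with quick.
pass in quick on $hp_if inet proto udp from $honeypot to $loghost port 514

# After the limit trips, the honeypot may not open any new session.
# Sessions opened by attackers towards the honeypot match existing
# state and keep working, so observation continues.
block in log quick on $hp_if from <hp_contained>

# Inbound: let attackers reach the honeypot ("out" on the honeypot side).
pass out log on $hp_if inet proto tcp to $honeypot

# Outbound: allow a few TCP connections, then contain. At most 5
# concurrent and 3 new connections per 60 seconds; exceeding either
# adds the source to <hp_contained> and flushes the states this rule
# created for it.
pass in log on $hp_if inet proto tcp from $honeypot \
    keep state (max-src-conn 5, max-src-conn-rate 3/60, \
    overload <hp_contained> flush)
```

The max-src-conn limits count only TCP connections that completed the handshake, so outbound UDP and ICMP stay blocked by the default rule unless passed explicitly. `pfctl -t hp_contained -T show` lists the address once containment has triggered.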
