Casting Light on Honeypots

Before rushing to attack the chosen target, experienced hackers carefully study their potential adversaries. This study consists of reconstructing the network topology, determining where the adversaries' main forces are concentrated, and trying to detect all honeypots. The main hacker tool at this stage is a port scanner working through a "dumb" host and, consequently, reliably hiding the attacker's IP address (see Chapter 23 for more details).

As a rule, the hacker discards servers that are obviously vulnerable, because there are most likely honeypots among them. Even touching them is dangerous. The only exception can be made for the main public servers located in the DMZ, because no one would think of combining them with honeypots. It should be noted, however, that such servers can run intrusion-detection systems.

The safest method is to attack the workstations of a corporate network located behind the firewall (if one is present in the network). In this case, the probability of encountering a honeypot is minimized. However, workstations contain considerably fewer holes than server applications; therefore, they offer practically nothing to attack.



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
