Attracting Hackers

skip navigation

honeypots for windows
Chapter 2 - A Honeypot Deployment Plan
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

What should new honeypot administrators do to attract hackers to their honeypot? The short answer is to do nothing. As in the movie Field of Dreams, if you set up a honeypot, hackers will come to it.

If you expose your honeypot in such a way that the IP address of the honeypot and its ports are reachable from the Internet, it won’t be long before it is visited. The average public IP address on the Internet is probed dozens of times a day. The published statistics from many honeypot projects show more than a hundred probes a day, and most host compromises occur in under a week. Internet worm scans happen several times a day. Many honeypot administrators have recorded successful compromises occurring in less than 20 minutes.

Some impatient honeypot administrators have actively posted their honeypot’s location to hacker mailing lists and web sites, in order to jumpstart the process. Most legal authorities agree this is akin to entrapment, which is a defense that an arrested party can use to avoid conviction. This means that if those administrators who posted the location of their honeypot discovered some serious crime going on because of their honeypot, they might not be able to use the evidence collected against the hacker.

Of course, internal and production honeypots should never actively advertise their presence or invite hackers. It would defeat the main purpose of having the honeypot in the first place.

With the underlying honeypot design tenets in mind, now is the time to start defining the goals of your honeypot system.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net