Chapter 3: Windows Honeypot Modeling

skip navigation

honeypots for windows
Chapter 3 - Windows Honeypot Modeling
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

Overview

When a hacker probes your honeypot, it is crucial that it appears to be a legitimate Windows host. This is fairly easy to set up if you use a real honeypot running real Windows software, but not as straightforward if you’re running an emulated honeypot. Because the world of honeypots is so Unix-centric, you won’t find much information (beyond this book) about how to configure an emulated honeypot so it looks like the real McCoy.

When deploying a real honeypot using a Windows OS, you can simply deploy the software and services to mimic real production computers. However, there is significantly more to it than meets the eye, as you will learn in Chapter 4. The task becomes inherently harder when using an emulated honeypot, as we will do with Honeyd in Chapters 5 through 7.

This chapter is about emulating the right ports and applications for your Windows honeypot scenario. It provides an overview of the common Windows network services and TCP/IP ports that you can choose to run and emulate. Some services and applications, like NetBIOS and Exchange Server, will be covered in detail.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net