Evolution from a honeypot to a distributed honey net

2005-08-01

Oliver Auerbach

H+BEDV, Germany

Editor: Helen Martin

Abstract

For increased intrusion detection efficiency, more and more honeypots must be set up in different locations, especially in different subnets. Usually this requires a large amount of administration effort, involving fine-tuning each of the honeypots' behaviour each time a new infection technique or exploit is discovered. This article describes how one company managed to extend their simple honeypot, designed to capture worms, to an easy manageable honey net.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	August 2005 PDF Please register to download the PDF Comment The future's bright for (ex-)virus writers Technical feature Code emulation in network intrusion detection/prevention systems Feature Evolution from a honeypot to a distributed honey net Q & A revisited Deconstructing Windows Mobile The Microsoft Windows CE platform Comparative review VB Comparative: Netware 6.5 - August 2005 See also Virus Bulletin archives How to become a subscriber Reprints

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB100 certification


	This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details. See full results.

Virus Bulletin currently has 224,245 registered users.

Fighting malware and spam

Evolution from a honeypot to a distributed honey net

Oliver Auerbach

PDF

Comment

Technical feature

Feature

Q & A revisited

Comparative review

See also