You are previewing Honeypots: Tracking Hackers.
O'Reilly logo
Honeypots: Tracking Hackers

Book Description

"The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time."
--Stephen Northcutt, The SANS Institute

"One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action."
--From the Foreword by Marcus J. Ranum

"From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today."
--Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems

Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple "burglar alarms," incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal.

Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets.

Honeypots also includes a chapter dedicated to legal issues surrounding honeypot use. Written with the guidance of three legal experts, this section explores issues of privacy, entrapment, and liability. The book also provides an overview of the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen/Trap Statute, with an emphasis on how each applies to honeypots.

With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. Security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.


Table of Contents

  1. Copyright
  2. Foreword: Giving the Hackers a Kick Where It Hurts
  3. Preface
  4. The Sting: My Fascination with Honeypots
    1. The Lure of Honeypots
    2. How I Got Started with Honeypots
    3. Perceptions and Misconceptions of Honeypots
    4. Summary
    5. References
  5. The Threat: Tools, Tactics, and Motives of Attackers
    1. Script Kiddies and Advanced Blackhats
    2. Everyone Is a Target
    3. Methods of Attackers
    4. Motives of Attackers
    5. Adapting and Changing Threats
    6. Summary
    7. References
  6. History and Definition of Honeypots
    1. The History of Honeypots
    2. Definitions of Honeypots
    3. Summary
    4. References
  7. The Value of Honeypots
    1. Advantages of Honeypots
    2. Disadvantages of Honeypots
    3. The Role of Honeypots in Overall Security
    4. Honeypot Policies
    5. Summary
    6. References
  8. Classifying Honeypots by Level of Interaction
    1. Tradeoffs Between Levels of Interaction
    2. Low-Interaction Honeypots
    3. Medium-Interaction Honeypots
    4. High-Interaction Honeypots
    5. An Overview of Six Honeypots
    6. Summary
    7. References
  9. BackOfficer Friendly
    1. Overview of BOF
    2. The Value of BOF
    3. How BOF Works
    4. Installing, Configuring, and Deploying BOF
    5. Information Gathering and Alerting Capabilities
    6. Risk Associated with BOF
    7. Summary
    8. Tutorial
    9. References
  10. Specter
    1. Overview of Specter
    2. The Value of Specter
    3. How Specter Works
    4. Installing and Configuring Specter
    5. Deploying and Maintaining Specter
    6. Information-Gathering and Alerting Capabilities
    7. Risk Associated with Specter
    8. Summary
    9. References
  11. Honeyd
    1. Overview of Honeyd
    2. Value of Honeyd
    3. How Honeyd Works
    4. Installing and Configuring Honeyd
    5. Deploying and Maintaining Honeyd
    6. Information Gathering
    7. Risk Associated with Honeyd
    8. Summary
    9. References
  12. Homemade Honeypots
    1. An Overview of Homemade Honeypots
    2. Port-Monitoring Honeypots
    3. Jailed Environments
    4. Summary
    5. References
  13. ManTrap
    1. Overview of ManTrap
    2. The Value of ManTrap
    3. How ManTrap Works
    4. Installing and Configuring ManTrap
    5. Deploying and Maintaining ManTrap
    6. Information Gathering
    7. Risk Associated with ManTrap
    8. Summary
    9. References
  14. Honeynets
    1. Overview of Honeynets
    2. The Value of Honeynets
    3. How Honeynets Work
    4. Honeynet Architectures
    5. Sweetening the Honeynet
    6. Deploying and Maintaining Honeynets
    7. Information Gathering: An Example Attack
    8. Risk Associated with Honeynets
    9. Summary
    10. References
  15. Implementing Your Honeypot
    1. Specifying Honeypot Goals
    2. Selecting a Honeypot
    3. Determining the Number of Honeypots
    4. Selecting Locations for Deployment
    5. Implementing Data Capture
    6. Logging and Managing Data
    7. Using NAT
    8. Mitigating Risk
    9. Mitigating Fingerprinting
    10. Summary
    11. References
  16. Maintaining Your Honeypot
    1. Alert Detection
    2. Response
    3. Data Analysis
    4. Updates
    5. Summary
    6. References
  17. Putting It All Together
    3. Summary
    4. References
  18. Legal Issues
    1. Are Honeypots Illegal?
    2. Precedents
    3. Privacy
    4. Entrapment
    5. Liability
    6. Summary
    7. References
    8. Resources
  19. Future of Honeypots
    1. From Misunderstanding to Acceptance
    2. Improving Ease of Use
    3. Closer Integration with Technologies
    4. Targeting Honeypots for Specific Purposes
    5. Expanding Research Applications
    6. A Final Caveat
    7. Summary
    8. References
  20. Back Officer Friendly ASCII File of Scans
  21. Snort Configuration File
  22. IP Protocols
  23. Definitions, Requirements, and Standards Document
    1. PURPOSE
  24. Honeynet Logs