Summary
Specter is a commercial, low-interaction, production honeypot whose primary value is in detection. It also has secondary value in prevention—deceiving or deterring attackers. Its advantages and disadvantages are summarized in Table 7-1.
Advantages of Specter | Disadvantages of Specter |
---|---|
Easy to install, configure and deploy. | Monitors only 14 ports. |
Extensive service emulation. | Preprogrammed emulated services are limited to interacting with known behavior. |
Monitors twice as many ports as BOF. | Discrepancies with the IP stack and the emulated operating system can lead to fingerprinting. |
Outstanding notification capabilities. | Limitations on information collected, mainly to transactional information and the attacker’s ... |
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.