Summary
Specter is a commercial, low-interaction, production honeypot whose primary value is in detection. It also has secondary value in prevention—deceiving or deterring attackers. Its advantages and disadvantages are summarized in Table 7-1.
| Advantages of Specter | Disadvantages of Specter |
|---|---|
| Easy to install, configure and deploy. | Monitors only 14 ports. |
| Extensive service emulation. | Preprogrammed emulated services are limited to interacting with known behavior. |
| Monitors twice as many ports as BOF. | Discrepancies with the IP stack and the emulated operating system can lead to fingerprinting. |
| Outstanding notification capabilities. | Limitations on information collected, mainly to transactional information and the attacker’s ... |
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
