Value of Honeyd

As a low-interaction honeypot, Honeyd is primarily a production honeypot, used to detect attackers. Its model for detection is the same as most low-interaction honeypots. When a connection is made to a port it is listening on, that connection is logged, the attacker’s activity is captured, and an alert is generated. Because the services listening on the ports have some level of emulation, we can capture the attacker’s interaction with the service, similar to Specter.

However, Honeyd has two advantages that increase its value. The first is that it can detect connections on any TCP port. The emulated services are not required for detection; they exist only for interaction with attackers and to gain more information. This makes ...
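The detection model described above, as an added sketch in plain Python sockets (not Honeyd's code and not from the book): one listener has a banner to emulate a service and one has none, yet a connection to either is logged as an alert. The function names, the FTP-style banner and the use of loopback with OS-assigned ports are assumptions made for the demonstration.

```python
import socket
import threading
from datetime import datetime, timezone

def serve(listener, banner, alerts):
    """Accept on one honeypot port; every connection is logged as an alert."""
    dst_port = listener.getsockname()[1]
    while True:
        try:
            conn, (src_ip, src_port) = listener.accept()
        except OSError:
            return  # listener was closed
        captured = b""
        with conn:
            if banner is not None:  # emulated service: capture the interaction
                conn.settimeout(2.0)
                try:
                    conn.sendall(banner)
                    captured = conn.recv(1024)
                except OSError:
                    pass  # peer left without sending anything
        alerts.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src": f"{src_ip}:{src_port}",
            "dst_port": dst_port,
            "emulated": banner is not None,
            "captured": captured,
        })

def start_honeypot(banners, host="127.0.0.1"):
    """Open one listener per entry in banners (bytes, or None for no emulation).

    Returns (ports, alerts). Port 0 asks the OS for a free port so the demo
    needs no privileges; a deployment would name the ports it wants to watch.
    """
    ports, alerts = [], []
    for banner in banners:
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind((host, 0))
        listener.listen(5)
        ports.append(listener.getsockname()[1])
        threading.Thread(target=serve, args=(listener, banner, alerts),
                         daemon=True).start()
    return ports, alerts

if __name__ == "__main__":
    ports, alerts = start_honeypot([b"220 FTP service ready\r\n", None])
    print("listening on", ports, "- connect with any TCP client, Ctrl-C to stop")
    threading.Event().wait()
```

The alert for the port without a banner carries only the source address and destination port, while the emulated port's alert also carries what the client sent.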
