Summary

We have now discussed homemade honeypots, focusing on two types. The first, port monitoring, is a low-interaction honeypot used primarily to capture malicious attacks and payloads. Implementations vary, depending on whether they imitate a service or simply accept connections. The value is not in protecting an organization through detection but in providing research capabilities: gaining intelligence on threats that exist in cyberspace. This intelligence can then be used to mitigate the risk of a new threat.
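The two port-monitoring variants described above, as an added example that is not code from the book: one listener that either simply accepts a connection (empty banner) or imitates a service (non-empty banner), and records what the peer sends. The function names, the FTP-style banner and the client payload are constructed for illustration, and the demo runs on loopback only.

```python
import hashlib, json, socket, threading, time

def open_listener(port=0, host="127.0.0.1"):
    """Bind a TCP listener; port 0 asks the OS for a free port (used by the demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    return srv

def capture_once(srv, banner=b"", max_bytes=4096, timeout=3.0):
    """Accept one connection and record what it sends; a banner imitates a service."""
    conn, (src_ip, src_port) = srv.accept()
    data = b""
    with conn:
        conn.settimeout(timeout)  # a silent peer must not hold the listener
        try:
            if banner:
                conn.sendall(banner)
            # Cap how much a single connection can make the honeypot store.
            while len(data) < max_bytes and (chunk := conn.recv(max_bytes - len(data))):
                data += chunk
        except OSError:  # timeout or reset: keep whatever was captured
            pass
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src": f"{src_ip}:{src_port}",
        "dst_port": srv.getsockname()[1],
        "bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "payload": data.decode("latin-1"),  # lossless byte-to-text mapping for JSON
    }

def demo(banner=b"220 FTP server ready\r\n", payload=b"USER anonymous\r\n"):
    """Loopback run with a constructed banner and a constructed client payload."""
    srv = open_listener()
    def client():
        with socket.create_connection(srv.getsockname(), timeout=3) as c:
            if banner:
                c.recv(len(banner))  # read the fake banner before answering
            c.sendall(payload)
    t = threading.Thread(target=client)
    t.start()
    record = capture_once(srv, banner)
    t.join()
    srv.close()
    return record

if __name__ == "__main__":
    print(json.dumps(demo()))
```

Each record is one JSON line; the SHA-256 of the captured bytes lets repeated payloads be grouped without comparing raw data.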

The second type of homemade honeypot we focused on is jails, a medium-interaction solution. This functionality is limited mainly to Unix systems, using the command chroot(1). This command binds a process to a new subdirectory. ...
