Implementing Data Capture

Regardless of the purpose of your honeypot, one of its functions will be to capture information. For simple production honeypots, this information can be as basic as the IP address of the attacking system, time and date of the attack, and the service attacked. For more advanced research honeypots, the data captured can be far more extensive—everything from new toolkits to the attacker’s keystrokes. The data you capture and how much of it you capture can be critical to the success of your honeypot deployment.

Maximizing the Amount of Data

In general, configure your honeypot to capture as much information as possible. You will be surprised how often the seemingly obscure information turns out to be of great importance. ...
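The basic record described above (source IP address, date and time, service attacked), extended with the first bytes the client sent, can be captured with a listener like the following. This is an added example, not code from the book; the field names, the `capture`/`serve`/`demo` functions, the size and timeout limits, and the sample address and payload are all assumptions constructed for illustration.

```python
import io, json, socket
from datetime import datetime, timezone

MAX_BYTES = 4096   # assumed cap on how much of the first client message is kept
TIMEOUT = 3.0      # assumed seconds to wait for the client to send anything

def capture(conn, addr, service, sink):
    """Record one accepted connection as a JSON line; never reply to the peer."""
    conn.settimeout(TIMEOUT)
    try:
        payload = conn.recv(MAX_BYTES)
    except OSError:          # timeout or reset: the connection is still logged
        payload = b""
    finally:
        conn.close()
    record = {
        "time": datetime.now(timezone.utc).isoformat(),  # date and time of the attack
        "src_ip": addr[0],                               # attacking system
        "src_port": addr[1],
        "service": service,                              # service attacked
        "payload_len": len(payload),
        "payload_hex": payload.hex(),                    # raw bytes, stored inert
    }
    sink.write(json.dumps(record) + "\n")
    sink.flush()             # keep the log current if the process dies
    return record

def serve(bind_ip, port, service, log_path):
    """Listen on one port and append a record per connection (runs until killed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener, \
         open(log_path, "a", encoding="utf-8") as sink:
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((bind_ip, port))
        listener.listen(16)
        while True:
            conn, addr = listener.accept()
            capture(conn, addr, service, sink)

def demo():
    """Constructed sample: a local socket pair stands in for a remote client."""
    client, server_side = socket.socketpair()
    client.sendall(b"USER anonymous\r\n")
    client.close()
    sink = io.StringIO()
    record = capture(server_side, ("203.0.113.7", 40112), "ftp", sink)
    return record, sink.getvalue()

if __name__ == "__main__":
    print(demo()[1], end="")
```

Storing the payload hex-encoded keeps unexpected bytes from corrupting the log or being interpreted by whatever tool later reads it.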
