Mitigating Fingerprinting
Another issue that honeypot technologies face is fingerprinting. Fingerprinting is when an attacker identifies a honeypot for its true purpose: a system designed to be attacked. For most organizations, mitigating signature detection is important. Once identified, a honeypot may lose its value. For example, if an attacker discovers a honeypot that is used to detect attacks, the attacker now knows to avoid any more activity with that system. Even worse, he may communicate that finding to other blackhats, who also now know to avoid detection by avoiding the honeypots. Signature detection is even more devastating for research honeypots. Attackers may avoid it or, worse, knowingly attack it with the intent to feed it bad ...
Get Honeypots: Tracking Hackers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
