
Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Thorsten Holz, Niels Provos


Chapter 4. Honeyd — The Basics

4.1 Overview

4.2 Design Overview

4.3 Receiving Network Data

4.4 Runtime Flags

4.5 Configuration

4.6 Experiments with Honeyd

4.7 Services

4.8 Logging

4.9 Summary

Honeyd is a framework to instrument thousands of Internet addresses with virtual honeypots and corresponding network services. Usually, we configure Honeyd to instrument unallocated IP addresses on an existing network. For each IP address, we can tell Honeyd how we want the simulated computer to behave. For example, we could set up a virtual web server that seems to run Linux and listens on port 80. We could create a virtual honeypot on another IP address with a network stack that looks like Windows on which all TCP ports seem to be running services. This ...
