Linux Today: Linux News On Internet Time.

RootPrompt.org: Building a Honeypot

Mar 20, 2000, 16:06
(Other stories by Lance Spitzner)

[ Thanks to Noel for this link. ]

"This article is a follow-up to the 'Know Your Enemy' series. Many people from the Internet community asked me how I was able to track black-hats in the act of probing for and compromising a system. This paper discusses just that. Here I describe how I built, implemented, and monitored a honeypot network designed specifically to learn how black-hats work."

"What is a Honeypot?"

"For me, a honeypot is a system designed to teach how black-hats probe for and exploit a system. By learning their tools and methods, you can then better protect your network and systems. I do not use honeypots to capture the bad guy. I want to learn how they work without them knowing they are being watched. For me, a well-designed honeypot means the black-hat never knew he was being tracked. There are a variety of different approaches on how you can do this. Mine is only one of many."
