[ Thanks to Dave Wreski for this link. ]
“Over the past several years the Honeynet Project has been
dedicated to learning the tools, tactics, and motives of the
blackhat community and sharing the lessons learned. The primary
tool used to gather this information is the Honeynet. The purpose
of this paper is to discuss what a Honeynet is, its value to the
security community, how it works, and the risks/issues
involved.”
“It is hoped that the security community can use the techniques
discussed here to learn for themselves about the blackhat
community. It is also hoped that the security community can take
the methods and techniques discussed here and improve them, thereby
improving the effectiveness of Honeynets and our ability to learn
more about the enemy. However, we want to be sure that
organizations are also aware of the many risks and issues involved
with a Honeynet.”
“A Honeynet is a tool for learning. It is a network of
production systems designed to be compromised. Once compromised,
this information is captured and analyzed to learn about the
blackhat community. This idea is similar to honeypots, but there
are several differences. A honeypot is a system designed to be
attacked, usually for the purpose of deception or alerting of
blackhat activity. Generally, honeypots are systems that emulate
known vulnerabilities, emulate other systems, or are modified
production systems that create caged environments. Examples of such
honeypots are The Deception Toolkit, CyberCop Sting, and Mantrap.
Deception Toolkit is a collection of scripts that emulate known
vulnerabilities. CyberCop Sting is an NT box that emulates the IP
stack and inetd of various systems. Mantrap modifies a Solaris
system to create several caged environments. These are all
excellent solutions, however they are limited, focusing primarily
on alerting and deception. (Note, of the three, we feel that
Mantrap has the most potential to also be used as a research tool,
however it has certain limitations).”