“Among other benefits, running a honeynet makes one acutely
aware about ‘what is going on’ out there. While placing a network
IDS outside one’s firewall might also provide a similar flood of
alerts, a honeypot provides a unique perspective on what will be
going on when a related server is compromised and used by the
intruders.

“As a result of our research, many gigabytes of network traffic
dumps are piling up on the hard drives, databases are filling with
alerts, rootkits and exploit-pack collections are growing.

“This paper is an attempt to informally summarize what was
happening to our exposed Linux machine connected to the Internet.
The moment is even more appropriate since we are now changing the
platform of the victim machine. Our Linux honeypot survived
dozens, if not more, system compromises including several massive
outbound denial-of-service attacks (all blocked by the firewall!),
major system vulnerability scanning and serving as an Internet
Relay Chat (IRC) server for Romanian hackers–and other exciting
stuff…”
LinuxSecurity: Days of the Honeynet: Attacks, Tools, Incidents