Honeypots mailing list archives

Re: Honeyclients info
From: David Jiménez Domínguez <djdsecurity () gmail com>
Date: Wed, 20 Apr 2005 19:20:35 -0500

Hi Kathy!!

As I can see, it is like looking for attacks from HTTP, FTP, DNS
servers..... (If I'm not wrong)

but, is the idea to do the scan by itself (like a spider) or
while I'm using my web browser?

Is it going to report the events to a centralized server... (maybe a
honeyserver)?

It looks like an interesting idea... just like dynamic honeypots....



2005/4/20, Kathy Wang <knwang () synacklabs net>:
Hi David,

Saw your message, and thought I should respond...

I first came up with the concept of honeyclients back in November
of last year, as a way to detect new attacks. As great as the honeypot
technology is, I consider it to be a passive device. This means it
sits on the network, and waits. Many users nowadays are experiencing
attacks from malicious servers, and existing honeypots cannot detect
these types of attacks.

Honeyclients are the opposite of honeypots. The purpose of a honeyclient
is to go out and hit servers, thus looking for bad stuff. These servers
can serve HTTP or other services such as DNS, FTP, P2P, etc.

I wrote a whitepaper last year about the types of attacks that can be
detected using honeyclients, and plan on releasing a honeyclient tool
at RECON. Unfortunately, I cannot release the whitepaper at this time.
The honeyclient will be a BSD-licensed HTTP honeyclient, so you'll be
able to try it out for yourself, shortly.

Kathy

On Wed, Apr 20, 2005 at 01:09:39PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
Hi folks!!!

Do you know what a honeyclient is??

What is the difference between a high-interaction honeypot and a honeyclient?

Do you have docs about it?

In Recon 2005 there is a speaker (Kathy Wang) who is going to speak
about it, but I'm not going to be there.... I have seen that some
honeynet projects are moving to this kind of technology.... but what
is it?

------------------
David.


