Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

REVIEW: "Honeypots: Tracking Hackers", Lance Spitzner

From: InfoSec News <isn () c4i org>
Date: Tue, 11 Feb 2003 09:08:35 -0600 (CST)
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKHNYPOT.RVW   20030126

"Honeypots: Tracking Hackers", Lance Spitzner, 2003, 0-321-10895-7,
U$44.99/C$69.99
%A   Lance Spitzner hostmaster () tracking-hackers com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2003
%G   0-321-10895-7
%I   Addison-Wesley Publishing Co.
%O   U$44.99/C$69.99 800-822-6339 fax 617-944-7273 bkexpress () aw com
%O  http://www.amazon.com/exec/obidos/ASIN/0321108957/robsladesinterne
%P   452 p. + CD-ROM
%T   "Honeypots: Tracking Hackers"

Chapter one is an introduction to the honeypot concepts, and the story
of Spitzner's first attempt to run one.  An overview of attackers and
tools is given in chapter two.  A history of honeypots is provided in
chapter three, and a list of basic types.  Chapter four looks at the
benefits (and also the problems) of these types of programs.  The
types of honeypots are grouped into high, medium, and low
intereactivity, in chapter five.  The explanations given, in this
first section, are good and simple.  Tables and figures provided,
however, often require interpretation.

Chapters six to eleven are reviews and descriptions of honeypots and
related programs.  There is a tutorial on the setup and use of Back
Officer Friendly in chapter six.  Specter, in chapter seven, gets a
detailed review and a discussion of the program's options.  Chapter
eight discusses how honeyd emulates a network.  Port monitoring, with
netcat, and jails, using chroot, are covered in chapter nine.  Mantrap
cages are discussed in chapter ten.  Chapter eleven reviews two
generations of honeynets, with lots of details.

Chapter twelve examines choosing and camouflaging honeypots. 
Maintaining and using a honeypot is in chapter thirteen.  Chapter
fourteen presents a couple of "case studies," integrating material
from previous chapters.  There is a reasonable discussion of legal
issues in chapter fifteen.  Future directions for honeypots are
examined in chapter sixteen.

"Know Your Enemy" (cf BKKNYREN.RVW) presented a fascinating glimpse
into both honeypots and the blackhat community, but only a glimpse. 
This book provides much more detail into the inner workings, setup,
and technologies involved in sensors for detecting and dissecting
network intrusions.

copyright, Robert M. Slade, 2003   BKHNYPOT.RVW   20030126

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
          March 31, 2003           Indianapolis, IN




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: