SlideShare a Scribd company logo

Honeypots

J
Jayant Gandhi

This document provides an overview of honeypots, which are security resources that are intended to be probed, attacked, or compromised in order to gather information about attackers. Honeypots can be used to learn about past attacks, detect currently occurring attacks, and identify new types of attacks. They work by monitoring any traffic to resources that are not expected to receive data. Honeypots have advantages like reducing false alarms and providing data for analysis, but also have disadvantages like narrow visibility and risks of the attacker using the honeypot to attack other systems. The document discusses different types of honeypots including low and high interaction honeypots, and specific honeypot tools like Honeyd and Honeynets.

BusinessTechnology
1 of 22
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Honeypots Jayant Kumar Gandhi - www.jkg.in Himanshu Bhatnagar Sachin Gajjar Sameek Banerjee Shashwat Agrawal http://www.jkg.in/eel702/presentation.ppt
Agenda Motivation Definition Advantages/ Disadvantages Types
Motivation Key to effective intrusion detection is information Learn more about past attacks Detect currently occurring attacks Identify new types of attacks Do all this in real time
Definition “ Any security resource who’s value lies in being probed, attacked, or compromised” – L. Spitzner, Honeypots: Tracking Hackers , ISBN 0-321-10895-7
How honeypots work A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
Advantages Reduce false positives and false negatives Data value Resources Simplicity
Disadvantages Narrow Field of View Fingerprinting Risk
Types Production (Law enforcement) Research (Counter-intelligence)
Production Honeypots Prevention Detection Response
Research Honeypots Early warning and prediction Discover new tools and tactics Understanding motives, behavior and organization Develop analysis and forensic skills
Level of Interaction Level of interaction determines the amount of functionality a honeypot provides Low Interaction Less learning, complexity and risk High Interaction High learning, complexity and risk
Risk Attacker can compromise your honeypot to harm, attack or infiltrate other systems and organizations
Low Interaction Provide emulated services No operating system to access Information limited to transactional information and attackers activities with the emulated services
High Interaction Provides actual Operating Systems Learn extensive amount of information Extensive risk
Honeyd Low-interaction honeypot Runs on a single computer Simulates a group of virtual machines Simulates the physical network between them Simulates only the network stack of each machine Intended primarily to fool fingerprinting tools
Honeyd Fingerprinting Attackers often try to learn more about a system before attacking it Can determine a machine’s operating system by “testing” its network behavior How the initial TCP sequence number is created Response packets for open and closed ports Configuration of packet headers Common fingerprinting tools: Nmap, Xprobe
Honeynets High-interaction honeypots Network of real machines (honeypots) Honeywall – a gateway between honeypots and rest of the world
Legal issues Privacy Entrapment Liability
Legal Mumbo Jumbo Design template is Copyright © 2006 Jayant Kumar Gandhi (www.jkg.in) Clip art is Copyright © 2006 Microsoft Corporation All trademarks, registered trademarks are acknowledged and are property of their respective owners
Bibliography Robert Graham, Network intrusion detection systems, 2000. http://www.robertgraham.com/pubs/network-intrusion-detection.html David Klug, Honeypots and intrusion detection. http://www.sans.org./infosecFAQ/intrusion/honeypots.htm Christian Plattner Reto Baumann, White paper: Honeypots. http://www.rbaumann.net,http://www.christianplattner.net Lance Spitzner, Honeypots: Tracking hackers ISBN: 0-321-10895-7 Lance Spitzner, Intrusion detection, 2000. http://www.enteract.com/lspitz/ids.html Lance Spitzner, Know your enemy: I, ii and iii, 2000 http://www.project.honeynet.org/papers
Questions?
http://www.jkg.in/contact-me/ Uploaded on SlideShare.net for the public.

More Related Content

PPTX
Honeypots
SARANYA S
 
PPTX
Honeypot ppt1
samrat saurabh
 
PPTX
Honeypot
Sushan Sharma
 
PPT
Honeypots
J. Scott Christianson
 
PPT
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
PPTX
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
PPTX
Honeypots
Gaurav Gupta
 
PPTX
Honey po tppt
Arya AR
 
Honeypots
SARANYA S
 
Honeypot ppt1
samrat saurabh
 
Honeypot
Sushan Sharma
 
Honeypots
J. Scott Christianson
 
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
Honeypots
Gaurav Gupta
 
Honey po tppt
Arya AR
 

What's hot (20)

PDF
Honeypots for Network Security
Kirubaburi R
 
PPTX
Honeypots and honeynets
Rasool Irfan
 
PPTX
Honeypot
Shashwat Shriparv
 
PPT
Honeypot
Akhil Sahajan
 
PDF
Virtual honeypot
Elham Hormozi
 
PPTX
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
PDF
Ch 5: Port Scanning
Sam Bowne
 
PPT
Honeypot honeynet
Sina Manavi
 
PPT
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
 
PPTX
Honeypots
SARANYA S
 
PPTX
Machine learning in Cyber Security
RajathV2
 
PPTX
Dos attack
Manjushree Mashal
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
PPTX
Honeypot ss
Kajal Mittal
 
PPTX
honey pots introduction and its types
Vishal Tandel
 
PPTX
Honeypot based intrusion detection system PPT
parthan t
 
PPTX
Honey pots
Divya korrapati
 
PPTX
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Jowin John Chemban
 
PDF
Ransomware attacks
Texas Medical Liability Trust
 
PDF
Threat Intelligence
Deepak Kumar (D3)
 
Honeypots for Network Security
Kirubaburi R
 
Honeypots and honeynets
Rasool Irfan
 
Honeypot
Shashwat Shriparv
 
Honeypot
Akhil Sahajan
 
Virtual honeypot
Elham Hormozi
 
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
Ch 5: Port Scanning
Sam Bowne
 
Honeypot honeynet
Sina Manavi
 
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
 
Honeypots
SARANYA S
 
Machine learning in Cyber Security
RajathV2
 
Dos attack
Manjushree Mashal
 
Understanding NMAP
Phannarith Ou, G-CISO
 
Honeypot ss
Kajal Mittal
 
honey pots introduction and its types
Vishal Tandel
 
Honeypot based intrusion detection system PPT
parthan t
 
Honey pots
Divya korrapati
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Jowin John Chemban
 
Ransomware attacks
Texas Medical Liability Trust
 
Threat Intelligence
Deepak Kumar (D3)
 
Ad

Similar to Honeypots (20)

PPT
Srikanth
kondalarao7
 
PPTX
Honeypot2
KirtiGoyal25
 
PPTX
Honeypots.ppt1800363876
Momita Sharma
 
PPSX
Honeypot and deception
milad saber
 
PPT
Honeypot-A Brief Overview
SILPI ROSAN
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
PDF
Seminar Report on Honeypot
Amit Poonia
 
PPTX
Cyber warfare introduction
jagadeesh katla
 
PDF
Honeypots
Bilal ZIANE
 
PPTX
Tushar mandal.honeypot
tushar mandal
 
PDF
Honeypot 101 (slide share)
Emil Tan
 
DOCX
Honeypots
Jyoti Nagargoje
 
PDF
Hunt down the evil of your infrastructure
Bangladesh Network Operators Group
 
DOC
Honeypot Essentials
Anton Chuvakin
 
PPT
Lecture 7
Education
 
PPT
Honey Pot
iradarji
 
PDF
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
CyberPro Magazine
 
PPTX
Network Security Chapter-2 Computer Science.pptx
Abdul Rahim Ahmadi
 
PPT
TOTEM: Threat Observation, Tracking, and Evaluation Model
John Gerber
 
PPTX
Threat hunting for Beginners
SKMohamedKasim
 
Srikanth
kondalarao7
 
Honeypot2
KirtiGoyal25
 
Honeypots.ppt1800363876
Momita Sharma
 
Honeypot and deception
milad saber
 
Honeypot-A Brief Overview
SILPI ROSAN
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
Seminar Report on Honeypot
Amit Poonia
 
Cyber warfare introduction
jagadeesh katla
 
Honeypots
Bilal ZIANE
 
Tushar mandal.honeypot
tushar mandal
 
Honeypot 101 (slide share)
Emil Tan
 
Honeypots
Jyoti Nagargoje
 
Hunt down the evil of your infrastructure
Bangladesh Network Operators Group
 
Honeypot Essentials
Anton Chuvakin
 
Lecture 7
Education
 
Honey Pot
iradarji
 
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
CyberPro Magazine
 
Network Security Chapter-2 Computer Science.pptx
Abdul Rahim Ahmadi
 
TOTEM: Threat Observation, Tracking, and Evaluation Model
John Gerber
 
Threat hunting for Beginners
SKMohamedKasim
 
Ad

Recently uploaded (20)

PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PDF
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
PPTX
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
PPT
Chapter four Project-Preparation material
argachewbochena1
 
PDF
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
PDF
Training And Development of Employee .pdf
nivethavm864
 
PPTX
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
PDF
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
PDF
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
PDF
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
PDF
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 
PDF
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
DOCX
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
PDF
A Brief Introduction About Julia Allison
Julia Allison
 
PPTX
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
DOCX
unit 2 cost accounting- Tender and Quotation & Reconciliation Statement
MANJU N
 
PPTX
The Marketing Journey - Tracey Phillips - Marketing Matters 7-2025.pptx
shannonzipoy2
 
PPTX
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
Chapter four Project-Preparation material
argachewbochena1
 
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
Training And Development of Employee .pdf
nivethavm864
 
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
A Brief Introduction About Julia Allison
Julia Allison
 
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
unit 2 cost accounting- Tender and Quotation & Reconciliation Statement
MANJU N
 
The Marketing Journey - Tracey Phillips - Marketing Matters 7-2025.pptx
shannonzipoy2
 
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 

Honeypots

  • 1. Honeypots Jayant Kumar Gandhi - www.jkg.in Himanshu Bhatnagar Sachin Gajjar Sameek Banerjee Shashwat Agrawal http://www.jkg.in/eel702/presentation.ppt
  • 2. Agenda Motivation Definition Advantages/ Disadvantages Types
  • 3. Motivation Key to effective intrusion detection is information Learn more about past attacks Detect currently occurring attacks Identify new types of attacks Do all this in real time
  • 4. Definition “ Any security resource who’s value lies in being probed, attacked, or compromised” – L. Spitzner, Honeypots: Tracking Hackers , ISBN 0-321-10895-7
  • 5. How honeypots work A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
  • 6. Advantages Reduce false positives and false negatives Data value Resources Simplicity
  • 7. Disadvantages Narrow Field of View Fingerprinting Risk
  • 8. Types Production (Law enforcement) Research (Counter-intelligence)
  • 9. Production Honeypots Prevention Detection Response
  • 10. Research Honeypots Early warning and prediction Discover new tools and tactics Understanding motives, behavior and organization Develop analysis and forensic skills
  • 11. Level of Interaction Level of interaction determines the amount of functionality a honeypot provides Low Interaction Less learning, complexity and risk High Interaction High learning, complexity and risk
  • 12. Risk Attacker can compromise your honeypot to harm, attack or infiltrate other systems and organizations
  • 13. Low Interaction Provide emulated services No operating system to access Information limited to transactional information and attackers activities with the emulated services
  • 14. High Interaction Provides actual Operating Systems Learn extensive amount of information Extensive risk
  • 15. Honeyd Low-interaction honeypot Runs on a single computer Simulates a group of virtual machines Simulates the physical network between them Simulates only the network stack of each machine Intended primarily to fool fingerprinting tools
  • 16. Honeyd Fingerprinting Attackers often try to learn more about a system before attacking it Can determine a machine’s operating system by “testing” its network behavior How the initial TCP sequence number is created Response packets for open and closed ports Configuration of packet headers Common fingerprinting tools: Nmap, Xprobe
  • 17. Honeynets High-interaction honeypots Network of real machines (honeypots) Honeywall – a gateway between honeypots and rest of the world
  • 18. Legal issues Privacy Entrapment Liability
  • 19. Legal Mumbo Jumbo Design template is Copyright © 2006 Jayant Kumar Gandhi (www.jkg.in) Clip art is Copyright © 2006 Microsoft Corporation All trademarks, registered trademarks are acknowledged and are property of their respective owners
  • 20. Bibliography Robert Graham, Network intrusion detection systems, 2000. http://www.robertgraham.com/pubs/network-intrusion-detection.html David Klug, Honeypots and intrusion detection. http://www.sans.org./infosecFAQ/intrusion/honeypots.htm Christian Plattner Reto Baumann, White paper: Honeypots. http://www.rbaumann.net,http://www.christianplattner.net Lance Spitzner, Honeypots: Tracking hackers ISBN: 0-321-10895-7 Lance Spitzner, Intrusion detection, 2000. http://www.enteract.com/lspitz/ids.html Lance Spitzner, Know your enemy: I, ii and iii, 2000 http://www.project.honeynet.org/papers