Learn, hack!

URL

http://events.ccc.de/congress/2004/fahrplan/files/208-anti-honeypot-technology-slides.pdf

File name

208-anti-honeypot-technology-slides.pdf

File size

1.3 MB

MD5

77b9e59b53f9be6f68f0afca6c9cd318

SHA1

cdd5d1a17f9090788781ef708fb87265277c50cd

Current Honeypot-based tools have a huge disadvantage: Attackers can detect honeypots with simple techniques and are to some extent also able to circumvent and disable the logging mechanisms. On the basis of some examples, we will show methods for attackers to play with honeypots. Honeypots / Honeynets are one of the more recent toys in the white-hat arsenal. These tools are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. The talk sheds some light on how attackers usually behave when they want to defeat honeypots. We will encompass the process of identifying and circumventing current honeypot technology and demonstrate several ways to achieve this. The focus will be on Sebek-based honeypots, but we will also show some ways how to accomplish similar results on different honeypot-architectures. Upon completion of this lecture, the attendees will have some insight in the limitations of current honeypot technology. Individuals or organization that would like to setup or harden their own lines of deception-based defense with the help of honeypots will see some constraints on the reliability and stealthiness of honeypots. On the other side, people with more offensive mindsets will get several ideas on how to identify and exploit honeypots.