Nowadays the tools of Honeypots are not reliable as before, because an attacker with some knowledge can detect it and override its power. So if I want something with the same characteristics as the honeypot, what would I use ?
Asked
Active
Viewed 1,596 times
3
-
1There are many kinds of honeypots, and not all are detectable because some are simply a real server in a fake environment. Can you explain what you want a honeypot to do? – schroeder Apr 17 '15 at 19:46
-
I'm finishing this year my college in information security , and my end of course work is exactly this topic " anti- honeypots " , based on some studies I've been doing as of modules service breaks in SEBEK honeynets , detection honeynets , snort - inlines detection among others; all characteristics of a real honeynet – Matheus Gonçalves Apr 17 '15 at 19:51
-
1That didn't clarify anything at all... – David Houde Apr 17 '15 at 20:28
-
1So, my answer is: don't use a pre-programmed honeypot - use a normal server and export the logs. Any attempt to connect or use the honeypot is an incident and it is completely undetectable as a honeypot. But, from your question, I have no idea if that answer is helpful or not. – schroeder Apr 17 '15 at 20:30