Introducing 

Prezi AI.

Your new presentation assistant.

Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.

Loading…
Transcript

Detecting Medium Interaction Honeypots

Types of Honeypots

Low

High

Medium

"The key feature of Medium Interaction Honeypots is application layer virtualization. These kind of honeypots do not aim at fully simulating a fully operational system environment, nor do they implement all details of an application protocol. All that these kind of honeypots do is to provide sufficient responses that known exploits await on certain ports that will trick them into sending their payload." (Wicherski, 2006)

Investigation Possibilities

  • Incongriuities between the honeypot service and the host's transport layer
  • Incongruities between the honeypot service and other services offered by the host
  • Unique implementation of the service
  • Errors or omissions of the service's protocol

"Tod Beardsley" <todb@metasploit.com>

Full Operating System

Transport Layer

Limited Scope

Virtual or Real

LaBrea

Huge Hassle to Maintain

No application awarenes

Easy to Run

Limited Fidelity

Real

Kippo

References

http://www.pixel-house.net/midinthp.pdf

http://code.google.com/p/kippo/

Learn more about creating dynamic, engaging presentations with Prezi