Using HoneyD configurations to build honeypot systems
Honeypots are a useful tool for learning about attackers' techniques and motives. The latest cool tool in the honeypot toolbox is an incredibly flexible traffic manipulation engine called "honeyd," authored by Niels Provos of the University of Michigan. Honeyd allows you to construct networks of computers that don't exist. It can fool Nmap and ICMP scanners and build incredibly powerful honeypot systems--all running on a single low-end computer.

How does it work?

Honeyd functions best in cooperation with Dug Song's arpd--a tool for spoofing ARP traffic. ARP spoofing is used for "capturing" the IP address of a machine that doesn't exist, and directing traffic aimed at that machine somewhere else. Arpd automates this process for honeyd, allowing honeyd to reliably "see" traffic for entire networks at a time. Honeyd listens for traffic aimed at an address arpd has captured, interacting with it as if it were a real host. ICMP, TCP and UDP traffic is handled within the honeyd application, so there's no stress on the underlying system's real IP stack. Honeyd "...
Microsoft security improving, while Trustworthy security lacks effort
by Lawrence M. Walsh
Microsoft is making significant strides to clean up its security mess, but Trustworthy Computing still has a long way to go.
Microsoft's internal auditor discusses the company's IT security outlook
Scott Charney is Microsoft's internal auditor; see what he and his team control.
NetIQ's five-point security architecture
Even with expanded support and agents, NetIQ's SIM product remains a Windows-centric solution.
Microsoft Security Response Center revamps its patch processes
Microsoft Security Response Center revamps its advisory and patch processes.
Profile: Symantec CEO John Thompson
Symantec's CEO breaks business and cultural barriers in his drive to build a security superpower.
How to address enterprise IT security concerns with executives
Five tips to win friends and influence C-level execs in your organization.
Next-generation security awareness training
by Andrew Briney
Put your posters and buttons away. A more effective solution is at your fingertips.
Hacking in 2003: Examining this year's hacking techniques
A look at the foibles, follies and felons of infosec in 2003.
Using HoneyD configurations to build honeypot systems
by Marcus J. Ranum, Contributor
Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.
Detecting a Linux server hack
by Jay Beale, Contributor
Learn how to detect if your Linux server has been hacked or compromised.
Tips and tricks for IDS deployment best practices
by Jack Danahy, Contributor
Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.