Sciweavers

AUSFORENSICS
2003

Honeyd - A OS Fingerprinting Artifice

14 years 28 days ago
Honeyd - A OS Fingerprinting Artifice
This research looks at the efficiency of the honeyd honeypot system to reliably deceive intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypots ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd’s primary deceptive mechanism is the use of the NMAP fingerprint database to provide bogus OS fingerprints to would be intruders. Tests conducted by the author on honeyd's ability to provide bogus fingerprints sees 78% of 704 signatures invalidated under heavy probing. However, the tests have left 152 viable signatures for producing hardened honeypot designs. Keywords honeypot, deception, honeyd, NMAP, fingerprinting, forensics, network forensics
Craig Valli
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2003
Where AUSFORENSICS
Authors Craig Valli
Comments (0)