Defeating Honeypots: Network Issues, Part 2

by Laurent Oudot, Thorsten Holz
Sept. 25, 2017 1 comment Symantec Detection & Response honeypots

Deploying honeypots, a technology used to track hackers, in a way that cannot be detected is a difficult problem. The value of a honeypot is in its ability to remain undetected. In part one of this article we introduced some of the issues related to discovering and fingerprinting honeypots, and then discussed a few examples such as tarpits and virtual machines. Now we'll continue the discussion with more practical examples of detecting honeypots, including Sebek-based honeypots, snort_inline, Fake AP, and Bait and Switch honeypots.

2flash 4 months, 3 weeks ago

I liked part one better. In part two it seems that the author is a bit pushed by the deadline....