The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.04 - July-August (2004 vol.2)
pp: 72-78
Frederic Raynal , MISC Magazine
Yann Berthier , Herv? Schauer Consultant
Philippe Biondi , Arche/Omnetica Group
Danielle Kaminsky , TEGAM International
ABSTRACT
A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. For the former, we want new ways to discover rootkits, trojans, and potential zero-day exploits (although capturing zero-day exploits in a honeypot is an unusual event). For the latter, we want a better understanding of the areas of interest and hidden links between blackhat teams. One way to achieve these goals is to increase the verbosity of our honeypot logs and traces; the most common tools for doing this are Sebek (http://project.honeynet.org/tools/sebek/) for system events and Snort (www.snort.org) for network activity. Unfortunately, there is no easy way to correlate information from these sources, which complicates honeypot forensics.
INDEX TERMS
honeynets, honeypots, blackhat
CITATION
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics Part I: Analyzing the Network", IEEE Security & Privacy, vol.2, no. 4, pp. 72-78, July-August 2004, doi:10.1109/MSP.2004.47
23 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool