Issue No. 06 - November-December (2003 vol. 1)
Bill McCarty, Azusa Pacific University
In July 2003, the Honeynet Project released version 2 of its data-capture tool, Sebek. Several days later, the self-described blackhat group that calls itself the Phrack High Council released a counterfeit issue of the online hacker periodical Phrack Magazine. (The URL for the authentic Phrack is www.phrack.org; the counterfeit issue is at www.phrack.nl/phrack62.) The issue included an article titled "Local Honeypot Identification" that criticized Sebek's effectiveness and that of honeynets in general. Although the means of distributing the fake issue were irregular and the article was littered with puerile humor and gratuitous inflammatory remarks, it did raise several significant issues worthy of discussion. This month's installment of the Honeynet Files describes Sebek and makes the case that despite the fake Phrack issue's claims, both Sebek and honeynets are useful to network security engineers and researchers.
honeynets, data capture, data-capture tools
B. McCarty, "The Honeynet Arms Race," in IEEE Security & Privacy, vol. 1, no. 6, pp. 79-82, 2003.