Issue No. 04 - July-August (2004 vol. 2)
ISSN: 1540-7993
pp: 72-78
Philippe Biondi, Arche/Omnetica Group
Danielle Kaminsky, TEGAM International
Frederic Raynal, MISC Magazine
Yann Berthier, Hervé Schauer Consultant
ABSTRACT
A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. For the former, we want new ways to discover rootkits, trojans, and potential zero-day exploits (although capturing zero-day exploits in a honeypot is an unusual event). For the latter, we want a better understanding of the areas of interest and hidden links between blackhat teams. One way to achieve these goals is to increase the verbosity of our honeypot logs and traces; the most common tools for doing this are Sebek (http://project.honeynet.org/tools/sebek/) for system events and Snort (www.snort.org) for network activity. Unfortunately, there is no easy way to correlate information from these sources, which complicates honeypot forensics.
INDEX TERMS
honeynets, honeypots, blackhat
CITATION
Philippe Biondi, Danielle Kaminsky, Frederic Raynal, Yann Berthier, "Honeypot Forensics Part I: Analyzing the Network", IEEE Security & Privacy, vol. 2, no. 4, pp. 72-78, July-August 2004, doi:10.1109/MSP.2004.47