honeypot is a closely monitored network decoy serving several purposes: it can
distract adversaries from more valuable machines on a network, provide early warning
about new attack and exploitation trends, or allow in-depth examination of adversaries
during and after exploitation of a honeypot.
a physical honeypot is often time intensive and expensive as different operating
systems require specialized hardware and every honeypot requires its own physical
system. This paper presents Honeyd, a framework for virtual honeypots that simulates
virtual computer systems at the network level.
simulated computer systems appear to run on unallocated network addresses. To
deceive network-fingerprinting tools, Honeyd simulates the networking stack of
different operating systems and can provide arbitrary routing topologies and services
for an arbitrary number of virtual systems.
detecting and disabling worms, distracting adversaries,or preventing the spread
of Spam email.
Back To Topics Page