Honey C and Honey D - PowerPoint PPT Presentation

Slides: 8
Provided by: xav852
1
Honey C and Honey D
2
Honey C
  • Honey C is a low-interaction honeypot developed
    at Victoria University of Wellington by Christian
    Seifert. Honey C consists of three components:
  • Visitor
  • Queue
  • Analysis Engine

3
How Honey C works
  • The three components of Honey C were introduced
    on the previous slide. The Visitor is
    responsible for interacting with the servers. The
    Queue builds the list of servers for the Visitor
    to interact with, using several algorithms such as
    crawling and search engine integration. The
    Analysis Engine checks whether the security
    policy was violated after the Visitor interacts
    with each server.
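
An added sketch (not from the presentation or the HoneyC project) of how the three components fit together, written in Python. The URLs, response bodies and policy patterns are constructed for illustration, and the visitor reads from an in-memory table instead of the network.

```python
import re
from collections import deque

# Constructed sample data: URL -> response body (stands in for live HTTP, so this runs offline).
SAMPLE_WEB = {
    "http://a.example/": '<a href="http://b.example/">b</a> <a href="http://c.example/">c</a>',
    "http://b.example/": '<iframe src="http://c.example/x" width=0 height=0></iframe>',
    "http://c.example/": '<script>eval(unescape("%61%6c"))</script><a href="http://a.example/">a</a>',
}
# Hypothetical security policy: response patterns that count as a violation.
POLICY = {
    "hidden-iframe": re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*[\"']?0", re.I),
    "eval-unescape": re.compile(r"eval\s*\(\s*unescape\s*\(", re.I),
}
LINK = re.compile(r'href="([^"]+)"', re.I)

class Queue:
    """Queue: holds the servers to visit and grows by crawling links in responses."""
    def __init__(self, seeds):
        self.pending, self.seen = deque(seeds), set(seeds)

    def next(self):
        return self.pending.popleft() if self.pending else None

    def crawl(self, body):
        for url in LINK.findall(body):
            if url not in self.seen:  # never queue the same server twice
                self.seen.add(url)
                self.pending.append(url)

def visit(url):
    """Visitor: requests the server and returns its response (None if unreachable)."""
    return SAMPLE_WEB.get(url)

def analyze(body):
    """Analysis engine: names of the policy rules that the response violates."""
    return sorted(name for name, rx in POLICY.items() if rx.search(body))

def run(seeds):
    """Drive queue -> visitor -> analysis engine until the queue is empty."""
    queue, findings = Queue(seeds), {}
    while (url := queue.next()) is not None:
        body = visit(url)
        if body is not None:
            queue.crawl(body)
            if hits := analyze(body):
                findings[url] = hits
    return findings
```

Calling `run(["http://a.example/"])` crawls all three constructed pages from the single seed and reports the two that violate the policy.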

4
Honey D
  • Honey D is a small daemon that creates virtual
    hosts on a network. The hosts can be configured
    to run arbitrary services, and their personality
    can be adapted so that they appear to be running
    certain operating systems. Honey D enables a
    single host to claim multiple addresses. It has
    been tested with up to 65,536 addresses in a LAN
    network simulation. It improves security by
    providing threat detection and assessment.

5
Honey D Features
  • Simulates thousands of virtual hosts at the same
    time.
  • Configuration of arbitrary services via a simple
    configuration file:
      • Includes proxy connects.
      • Passive fingerprinting to identify remote hosts.
      • Random sampling for load scaling.
  • Simulates operating systems at the TCP/IP stack
    level:
      • Fools nmap and xprobe.
      • Adjustable fragment reassembly policy.
      • Adjustable FIN-scan policy.
  • Simulation of arbitrary routing topologies:
      • Configurable latency and packet loss.
      • Asymmetric routing.
      • Integration of physical machines into the topology.
      • Distributed Honeyd via GRE tunneling.
  • Subsystem virtualization:
      • Run real UNIX applications under virtual Honeyd
        IP addresses: web servers, FTP servers, etc.
      • Dynamic port binding in virtual address space,
        background initiation of network connections,
        etc.

6
Conclusion
  • Honey D can boast of an impeccable feature set
    when compared to the three-component set of Honey
    C. However, Honey D is more complex, making it more
    vulnerable to errors. If I were to pick one for
    security purposes, it would have to be Honey
    because it allows one to do more.
