A growing
number of honeypots are being used in the area of research. The Honeynet Project is the
leader of this effort and has formed an alliance with many other organizations. Daily,
traffic is being captured, analyzed, and shared with other security professionals. The
idea here is to observe the attackers in a fishbowl and to learn from their activities in
order to better protect networks as a whole. The area of honeypot research has driven the
concept to new technologies and techniques.
We will set up a research honeypot later in this chapter in order to catch some
malware for analysis.
Limitations
As attractive as the concept of honeypots sounds, there is a downside. The disadvantages
of honeypots are as follows.
Limited Viewpoint
The honeypot will only see what is directed at it. It may sit for months or years and not
notice anything. On the other hand, case studies available on the Honeynet home page
describe attacks within hours of placing the honeypot online. Then the fun begins; however,
if an attacker can detect that she is running in a honeypot, she will take her toys and leave.
Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 20: Collecting Malware and Initial Analysis
Risk
Anytime you introduce another system onto the network there is a new risk imposed.