Honeypots
Virtual Honeypots book available Aug 01 2007 01:49AM
Niels Provos (provos citi umich edu)
Hi everyone,

please, apologize the advertising, but I am very happy to announce that the
"Virtual Honeypots" book that Thorsten Holz and I have been working on for the
last two years is finally available. The book deals with high- and
low-interaction honeypots and focuses on Honeyd, malware collection,
client-side honeypots, botnet tracking, and many other topics. You can order it
from your favorite bookstore, look it up in your library or get it from
Amazon:

http://tinyurl.com/2eb9ff (includes honeyd referral)

Here is what Lance wrote about it: "Virtual Honeypots is the best reference for
honeypots today. Security experts Niels Provos and Thorsten Holz cover a large
breadth of cutting-edge topics, from low-interaction honeypots to botnets and
malware. If you want to learn about the latest types of honeypots, how they
work, and what they can do for you, this is the resource you need."

I included the table of contents below. If you end up reading the book,
please let Thorsten and me know how you liked it.

Thanks,
Niels.

Table of Contents

Preface xiii
Acknowledgments xxi
About the Authors xxiii

Chapter 1 Honeypot and Networking Background 1
1.1 Brief TCP/IP Introduction 1
1.2 Honeypot Background 7
1.3 Tools of the Trade 13

Chapter 2 High-Interaction Honeypots 19
2.1 Advantages and Disadvantages 20
2.2 VMware 22
2.3 User-Mode Linux 41
2.4 Argos 52
2.5 Safeguarding Your Honeypots 62
2.6 Summary 69

Chapter 3 Low-Interaction Honeypots 71
3.1 Advantages and Disadvantages 72
3.2 Deception Toolkit 73
3.3 LaBrea 74
3.4 Tiny Honeypot 81
3.5 GHH-Google Hack Honeypot 87
3.6 PHP.HoP-A Web-Based Deception Framework 94
3.7 Securing Your Low-Interaction Honeypots 98
3.8 Summary 103

Chapter 4 Honeyd-The Basics 105
4.1 Overview 106
4.2 Design Overview 109
4.3 Receiving Network Data 112
4.4 Runtime Flags 114
4.5 Configuration 115
4.6 Experiments with Honeyd 125
4.7 Services 129
4.8 Logging 131
4.9 Summary 134

Chapter 5 Honeyd-Advanced Topics 135
5.1 Advanced Configuration 136
5.2 Emulating Services 139
5.3 Subsystems 142
5.4 Internal Python Services 146
5.5 Dynamic Templates 148
5.6 Routing Topology 150
5.7 Honeydstats 154
5.8 Honeydctl 156
5.9 Honeycomb 158
5.10 Performance 160
5.11 Summary 161

Chapter 6 Collecting Malware with Honeypots 163
6.1 A Primer on Malicious Software 164
6.2 Nepenthes-A Honeypot Solution to Collect Malware 165
6.3 Honeytrap 197
6.4 Other Honeypot Solutions for Learning About Malware 204
6.5 Summary 207

Chapter 7 Hybrid Systems 209
7.1 Collapsar 211
7.2 Potemkin 214
7.3 RolePlayer 220
7.4 Research Summary 224
7.5 Building Your Own Hybrid Honeypot System 224
7.6 Summary 230

Chapter 8 Client Honeypots 231
8.1 Learning More About Client-Side Threats 232
8.2 Low-Interaction Client Honeypots 241
8.3 High-Interaction Client Honeypots 253
8.4 Other Approaches 263
8.5 Summary 272

Chapter 9 Detecting Honeypots 273
9.1 Detecting Low-Interaction Honeypots 274
9.2 Detecting High-Interaction Honeypots 280
9.3 Detecting Rootkits 302
9.4 Summary 305

Chapter 10 Case Studies 307
10.1 Blast-o-Mat: Using Nepenthes to Detect Infected Clients 308
10.2 Search Worms 327
10.3 Red Hat 8.0 Compromise 332
10.4 Windows 2000 Compromise 343
10.5 SUSE 9.1 Compromise 351
10.6 Summary 357

Chapter 11 Tracking Botnets 359
11.1 Bot and Botnet 101 360
11.2 Tracking Botnets 373
11.3 Case Studies 376
11.4 Defending Against Bots 387
11.5 Summary 390

Chapter 12 Analyzing Malware with CWSandbox 391
12.1 CWSandbox Overview 392
12.2 Behavior-Based Malware Analysis 394
12.3 CWSandbox-System Description 401
12.4 Results 405
12.5 Summary 413

Bibliography 415
Index 423

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus