Honeypots for Windows (Books for Professionals by Professionals)
| ||||||||||||
| ||||||||||||
| | |||||
As you’ll learn soon, Honeyd has a multitude of options, but its plethora of configuration settings can be daunting for the first-time user. However, after you’ve used it a few times, you will understand the basics of how it operates, and find it fun and enjoyable.
I could have chosen an easier to configure honeypot to use in the next few chapters, but I chose Honeyd for the following reasons:
-
Honeyd is the most popular honeypot in use today.
-
It has more features and flexibility than most other honeypots.
-
Installing and configuring Honeyd will increase your understanding of honeypots and how they function.
-
Once you learn Honeyd, you will be able to optimally install and configure most other honeypots.
Honeyd’s strength is its granularity and modular design. You can pick what you want it to do and when. Honeyd administrators modify its configuration as their knowledge matures or their requirements change. Not all honeypots can grow, change, and scale as easily as Honeyd. Many honeypots are stuck mimicking the OSs they were coded to emulate. Other honeypots don’t use emulation and let the host PC be directly attacked and probed.
If you would rather use a very easy to install honeypot, but without the flexibility of Honeyd, consider one of the Windows honeypot programs covered in Chapter 8.
| | |||||