Honeypots mailing list archives
Re: Question
From: Richard Stevens <mail () richardstevens de>
Date: Mon, 18 Aug 2003 17:26:53 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
I have a query. Can anyone tell me the difference between low interaction honeypots and middle interaction honeypots? I am finding it confusing to distinguish between the two. do they both emulate network services? are they both software running on operating systems?
I'm not sure if the following distiction meets everyones understanding but I usually describe the two the following way: Low Interaction: Fully emulated services without functionality. You get a banner or login and password prompts but there is no way the emulated service actually offers functionality, e.g. permit some sort of shell after telnet login. You'd always get a permission denied in case of telnet. Medium Interaction: MI-honeypots offer limited simulated services but still not the real thing. An example would be an emulated webserver that offers enough functionality for a worm to "think" it's a valid target and drop of the payload but actually starting it would be impossible. Another example would be a successful telnet login that simulates some sort of unix system, maybe in a jail or completely simulated. Whatever solution is chosen, you still don't have the real thing. Medium interaction is everything between simple banners and the real service. I think this is an interesting question. I'd be interested in other people's thoughts on this. Regards, Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/QPBBCfA4EwqVdIQRAjw7AKC7tGnN+UE34ckBZQ9y6tPo11xL2QCfSwT1 pjUUTXMZTlClmkN2gA9DtOI= =uwl1 -----END PGP SIGNATURE-----
Current thread:
- Question Motayyam79 (Aug 18)
- Re: Question Richard Stevens (Aug 18)
- Re: Question Lance Spitzner (Aug 18)
- Re: Question Tom Wright (Aug 19)
- RE: Question Faiz Ahmad Shuja (Aug 18)
- <Possible follow-ups>
- question Motayyam79 (Aug 21)
- Re: question Sam Varughese (Aug 21)
- RE: question Faiz Ahmad Shuja (Aug 21)
- RE: question Sergey V. Gordeychik (Aug 21)
- question Motayyam79 (Sep 01)
- Re: question Valdis . Kletnieks (Sep 01)
- RE: question Nick Duda (Sep 01)