Honeypots mailing list archives
Re: Honeyclients info
From: Kathy Wang <knwang () synacklabs net>
Date: Wed, 22 Jun 2005 17:37:58 -0400
Hi all,

To follow up on a previously posted thread... Just wanted to let you know that I did present on honeyclients at RECON (http://www.recon.cx) this past Saturday. Overall, the audience response was very positive - and everyone seemed to have something to say about honeyclients.

There is now a project page for honeyclient development. It is located at http://www.honeyclient.org

At that site, you can download the latest honeyclient tarball, and join the mailing list for honeyclients. The talk slides are also available for download.

I look forward to talking with you.

Kathy

On Wed, Apr 20, 2005 at 09:57:18PM -0400, Kathy Wang <knwang () synacklabs net> stated:
> Hi David,
>
> On Wed, Apr 20, 2005 at 07:20:35PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
>> Hi Kathy!!
>>
>> As I can see, it is like looking for attacks from HTTP, FTP, DNS servers..... (If I'm not wrong)
>
> Yes, you're correct here.
>
>> but, is the idea to do the scan by itself (like a spider) or while I'm using my web browser?
>
> While you could do it either way, I'm implementing mine as a spider.
>
>> Is it going to report the events to a centralized server... (maybe a honeyserver)?
>
> Right now, there is no centralized server, but it could certainly be done that way.
>
>> It looks like an interesting idea... just like dynamic honeypots....
>
> Thanks, and I'm looking forward to seeing what you think when it is released.
>
> Kathy
>
>> 2005/4/20, Kathy Wang <knwang () synacklabs net>:
>>> Hi David,
>>>
>>> Saw your message, and thought I should respond... I first came up with the concept of honeyclients back in November of last year, as a way to detect new attacks. As great as the honeypot technology is, I consider it to be a passive device. This means it sits on the network, and waits. Many users nowadays are experiencing attacks from malicious servers, and existing honeypots cannot detect these types of attacks.
>>>
>>> Honeyclients are the opposite of honeypots. The purpose of a honeyclient is to go out and hit servers, thus looking for bad stuff. These servers can serve HTTP or other services such as DNS, FTP, P2P, etc.
>>>
>>> I wrote a whitepaper last year about the types of attacks that can be detected using honeyclients, and plan on releasing a honeyclient tool at RECON. Unfortunately, I cannot release the whitepaper at this time. The honeyclient will be a BSD-licensed HTTP honeyclient, so you'll be able to try it out for yourself, shortly.
>>>
>>> Kathy
>>>
>>> On Wed, Apr 20, 2005 at 01:09:39PM -0500, David Jiménez Domínguez <djdsecurity () gmail com> stated:
>>>> Hi folks!!!
>>>>
>>>> Do you know what a honeyclient is?? What is the difference between a high-interaction honeypot and a honeyclient? Do you have docs about it?
>>>>
>>>> In Recon 2005 there is a speaker (Kathy Wang) who is going to speak about it, but I'm not going to be there.... I have seen that some honeynet projects are moving to this kind of technology.... but what is it?
>>>>
>>>> ------------------
>>>> David.