Honeypots mailing list archives
Virtual Honeypots book available
From: Niels Provos <provos () citi umich edu>
Date: Tue, 31 Jul 2007 21:49:22 -0400
Hi everyone, please, apologize the advertising, but I am very happy to announce that the "Virtual Honeypots" book that Thorsten Holz and I have been working on for the last two years is finally available. The book deals with high- and low-interaction honeypots and focuses on Honeyd, malware collection, client-side honeypots, botnet tracking, and many other topics. You can order it from your favorite bookstore, look it up in your library or get it from Amazon: http://tinyurl.com/2eb9ff (includes honeyd referral) Here is what Lance wrote about it: "Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need." I included the table of contents below. If you end up reading the book, please let Thorsten and me know how you liked it. Thanks, Niels. Table of Contents Preface xiii Acknowledgments xxi About the Authors xxiii Chapter 1 Honeypot and Networking Background 1 1.1 Brief TCP/IP Introduction 1 1.2 Honeypot Background 7 1.3 Tools of the Trade 13 Chapter 2 High-Interaction Honeypots 19 2.1 Advantages and Disadvantages 20 2.2 VMware 22 2.3 User-Mode Linux 41 2.4 Argos 52 2.5 Safeguarding Your Honeypots 62 2.6 Summary 69 Chapter 3 Low-Interaction Honeypots 71 3.1 Advantages and Disadvantages 72 3.2 Deception Toolkit 73 3.3 LaBrea 74 3.4 Tiny Honeypot 81 3.5 GHH-Google Hack Honeypot 87 3.6 PHP.HoP-A Web-Based Deception Framework 94 3.7 Securing Your Low-Interaction Honeypots 98 3.8 Summary 103 Chapter 4 Honeyd-The Basics 105 4.1 Overview 106 4.2 Design Overview 109 4.3 Receiving Network Data 112 4.4 Runtime Flags 114 4.5 Configuration 115 4.6 Experiments with Honeyd 125 4.7 Services 129 4.8 Logging 131 4.9 Summary 134 Chapter 5 Honeyd-Advanced Topics 135 5.1 Advanced Configuration 136 5.2 Emulating Services 139 5.3 Subsystems 142 5.4 Internal Python Services 146 5.5 Dynamic Templates 148 5.6 Routing Topology 150 5.7 Honeydstats 154 5.8 Honeydctl 156 5.9 Honeycomb 158 5.10 Performance 160 5.11 Summary 161 Chapter 6 Collecting Malware with Honeypots 163 6.1 A Primer on Malicious Software 164 6.2 Nepenthes-A Honeypot Solution to Collect Malware 165 6.3 Honeytrap 197 6.4 Other Honeypot Solutions for Learning About Malware 204 6.5 Summary 207 Chapter 7 Hybrid Systems 209 7.1 Collapsar 211 7.2 Potemkin 214 7.3 RolePlayer 220 7.4 Research Summary 224 7.5 Building Your Own Hybrid Honeypot System 224 7.6 Summary 230 Chapter 8 Client Honeypots 231 8.1 Learning More About Client-Side Threats 232 8.2 Low-Interaction Client Honeypots 241 8.3 High-Interaction Client Honeypots 253 8.4 Other Approaches 263 8.5 Summary 272 Chapter 9 Detecting Honeypots 273 9.1 Detecting Low-Interaction Honeypots 274 9.2 Detecting High-Interaction Honeypots 280 9.3 Detecting Rootkits 302 9.4 Summary 305 Chapter 10 Case Studies 307 10.1 Blast-o-Mat: Using Nepenthes to Detect Infected Clients 308 10.2 Search Worms 327 10.3 Red Hat 8.0 Compromise 332 10.4 Windows 2000 Compromise 343 10.5 SUSE 9.1 Compromise 351 10.6 Summary 357 Chapter 11 Tracking Botnets 359 11.1 Bot and Botnet 101 360 11.2 Tracking Botnets 373 11.3 Case Studies 376 11.4 Defending Against Bots 387 11.5 Summary 390 Chapter 12 Analyzing Malware with CWSandbox 391 12.1 CWSandbox Overview 392 12.2 Behavior-Based Malware Analysis 394 12.3 CWSandbox-System Description 401 12.4 Results 405 12.5 Summary 413 Bibliography 415 Index 423
Current thread:
- Virtual Honeypots book available Niels Provos (Aug 01)