Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Virtual Honeypots", Niels Provos/Thorsten Holz

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKVRTHNP.RVW 20070930 Virtual Honeypots , Niels Provos/Thorsten Holz, 2008, 0-321-33632-1, U$49.99/C$61.99 %A Niels Provos %A Thorsten Holz %C P.O.
    Message 1 of 1 , Jan 7, 2008
      BKVRTHNP.RVW 20070930

      "Virtual Honeypots", Niels Provos/Thorsten Holz, 2008, 0-321-33632-1,
      %A Niels Provos
      %A Thorsten Holz
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2008
      %G 0-321-33632-1 978-0-321-33632-3
      %I Addison-Wesley Publishing Co.
      %O U$49.99/C$61.99 800-822-6339 617-944-3700 bkexpress@...
      %O http://www.amazon.com/exec/obidos/ASIN/0321336321/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0321336321/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 440 p.
      %T "Virtual Honeypots: From Botnet Tracking to Intrusion Detection"

      Right off the top you have to question the reliability of research
      that credits, in the preface, Robert Morris with "inventing" (in the
      course of creating the Internet Worm of 1988) the buffer overflow.

      Chapter one provides some background information for honeypot
      operation, with a very terse review of some basic TCP/IP protocols,
      descriptions of some common honeypot types, and a few tools that can
      be used for data capture and analysis. High-interaction honeypots are
      defined (by the authors in chapter two) as virtual machines that can
      provide (to the attacker or intruder) as much, or as little,
      functionality as you wish. A number of such machines are described,
      mostly in terms of installation. Overviews (and installation
      instructions) for a variety of specialized and limited emulators are
      given in chapter three. Chapter four introduces the honeyd program
      that is widely used for creating multiple virtual machines on a single
      computer. Advanced functions of honeyd are discussed in chapter five.

      Chapter six examines the possibilities for collecting malware with
      honeypots, specifically the nepenthes and honeytrap programs. Some
      systems for presenting apparently extensive functionality without
      risking the danger of a compromise are explained in chapter seven.
      Emulation of the activity of an active computer or Internet user
      (rather than a passive server) is the idea behind client honeypots as
      outlined in chapter eight.

      Indications that betray the presence or operation of a honeypot are
      discussed in chapter nine. Some experiences using honeypots are noted
      in chapter ten. Chapter eleven specifically examines the use of
      honeypots to discover the functions and activity of botnets.
      CWSandbox, a tool for the analysis of malware, is explored in chapter

      The classic text in the field of honeypots is, of course, "Know Your
      Enemy" (cf. BKKNYREN.RVW). That volume does not go into specific
      details of construction in the way that Spitzer's "Honeypots" (cf.
      BKHNYPOT.RVW) or even Grimes' "Honeypots for Windows" (cf.
      BKHNPTWN.RVW) does. However, between them the existing works provide
      a solid background, and this tome adds little to the mix. The
      addition of client honeypots is valuable, but the writing and
      explanations provide little that will be of help to those trying to
      use the technology.

      copyright Robert M. Slade, 2007 BKVRTHNP.RVW 20070930

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      DYNAMIC LINKING ERROR: Your mistake is now everywhere.
    Your message has been successfully submitted and would be delivered to recipients shortly.