A virtual honeypot framework

Author: Niels Provos

DOI:

Keywords:

Abstract: A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on network, provide early warning about new attack and exploitation trends, or allow in-depth examination of during after honeypot. Deploying physical often time intensive expensive as different operating systems require specialized hardware every requires its own system. This paper presents Honeyd, framework for virtual honeypots that simulates computer at the level. The simulated appear to run unallocated addresses. To deceive fingerprinting tools, Honeyd networking stack arbitrary routing topologies services an number systems. discusses Honeyd's design shows how helps in many areas system security, e.g. detecting disabling worms, distracting adversaries, preventing spread spam email.

References (20)
Robert Stone, Dug Song, Rob Malan, A Snapshot of Global Internet Worm Activity (2001)
Farnam Jahanian, G. Robert Malan, Matthew Smart, Defeating TCP/IP stack fingerprinting. USENIX Security Symposium, pp. 17-17 (2000)
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002)
L. Spitzner, Honeypots: Tracking Hackers (2002)
J. Postel, Transmission Control Protocol. Internet Request for Comment (RFC793), vol. 793, pp. 1-91 (1981)
K. Fall, Network emulation in the VINT/NS simulator. International Symposium on Computers and Communications, pp. 244-250 (1999), 10.1109/ISCC.1999.780820
Jeremy Sugerman, Beng-Hong Lim, Ganesh Venkitachalam, Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor. USENIX Annual Technical Conference, pp. 1-14 (2001)
P. Traina, D. Farinacci, S. Hanks, T. Li, Generic Routing Encapsulation over IPv4 networks. RFC, vol. 1702, pp. 1-4 (1994)
J. S. Quarterman, S. Carl-Mitchell, Using ARP to implement transparent subnet gateways. RFC, vol. 1027, pp. 1-8 (1987)