- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 16, 2003

Windows 2003
Windows 2000
Windows XP
Book Reviews
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
Service Packs
  Articles & Whitepapers
  Books on Security
  Disaster Recovery
  FAQ's & Tutorials
  Incident Response
  Intrusion Detection
  Legal Resources
  Online Seminars
  Password Security
  Penetration Testing
  Security Links
  Securing Networks
  Social Engineering



Honeypots & Honeynets

Honeypots are unsecured but isolated servers that act as a trap for hackers. They act as a "counter-intelligence" tool that can be used to identify what methods are being used by hackers to enter and exploit your network, and provides a framework for defending your network against those threats. Honeynets are a combination or a network of honeypots.
Where to Start
Honeypots: Definitions and Value of Honeypots
This paper discusses what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues involved with honeypots

Honeypotting with VMWare
Honeypots are becoming more common as security professionals attempt to conduct more detailed research on current "state of the art" practices among attackers. Honeypots are also invaluable for learning about an attackers motivations, their habits and patterns of behavior. Unfortunately setting up a proper honeypot is a non-trivial task, and correctly configuring network sensors to capture all data, as well as the resulting forensics tasks can be rather daunting. The good news is that there are a number of tools and techniques that can make life much easier for some honeypot administrators.

How to Build a Honeypot
An excellent and unique article by Lance Spitzner on how to create a lab environment to teach and learn how hackers test system vulnerabilities.

The Use of Honeypots and Packet Sniffers for Intrusion Detection
It is important to acknowledge the political and legal realities of using a honeypot and to keep the framework of this debate in mind when considering its use. Having said that, this paper centers on the technical aspects of such a system. This paper contains a discussion on definition of, objectives for, and the use of honeypots, the advantages and disadvantages of such a system, the various types of honeypots, and the use of a honeypot and sniffer detection system. Source: (April 15, 2001)

Honeynet Project: The Reverse Challenge
The Honeynet Project announced the Reverse Challenge, a new challenge that will let security practitioners compete by reverse engineering a binary file captured from the Internet. Source: WinInfo (May 2002)

Honeytokens: The Other Honeypot
The purpose of this series of honeypot papers by Lance Spitzer is to cover the breadth of honeypot technologies, values and issues. This article extends the capabilities even further by discussing the concept of honeytokens. Source:

Know Your Enemy: Honeynets
This paper focuses on what a Honeynet is, its value to the security community, how it works, and the risks/issues involved. This paper has been updated to include GenI, GenII, and Virtual Honeynet technologies. Source: (Jan 2003)

Know Your Enemy: Defining Virtual Honeynets
This paper defines what a Virtual Honeynet is, its advantages and disadvantages, and the different way they can be deployed. Source: (Jan 2003)

Know Your Enemy: Worms at War
See how worms probe for and compromise vulnerable Microsoft Windows systems. Based on the first Microsoft honeypot compromised in the Honeynet Project. Source:

Open Source Honeypots: Learning with Honeyd
Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys, we can take the initiative. In the past several years there has been growing interest in exactly what this technology is and how it works. The purpose of this paper is to introduce you to honeypots and demonstrate their capabilities. We will begin by discussing what a honeypot is and how it works, then go into detail using the OpenSource solution Honeyd. Source: (Jan 2003)

Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. This paper takes a closer look at Honeyd. The authors deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered. Source: (March 2003)

The Value of Honeypots, Part One: Definitions and Values of Honeypots
Offers a brief overview of honeypots, as well as the discussion of some their inherent strengths and weaknesses. Source: (Oct 10, 2001)

The Value of Honeypots, Part Two: Honeypot Solutions and Legal Issues
This is the second article in a two-part series that will offer an overview of honeypots: what they are, how they can add value to an organization, and several honeypot solutions. The first article offered a brief overview of honeypots, as well as the discussion of some their inherent strengths and weaknesses. This installment will take a look at some examples of different types of honeypots. We will also briefly discuss some important legal isues associated with honeypots and their use. Source: (Oct 23, 2001)


Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.