honeyblog - virtual-honeypots

Forensic Incident Response Review on "Virtual Honeypots"

nospam@example.com (Thorsten Holz) — Tue, 7 Aug 2007 18:28:02 +0200

There is another review of our book at the Forensic Incident Response blog:

I got this book approximately 3 days ago and absolutely tore through it. This book was fantastic in every sense of the word.

Niels Provos (of honeyd fame) and Thorsten Holz (from the German honeynet project) teamed up to provide a true wealth of knowledge and information in Virtual Honeypots note I bought it from Amazon

As the title suggests, this book is all about creating and utilizing a virtualized environment to host honeypots. From the first chapter on, there is no mincing of words and the technical aspects are covered from set up to configuration to usage. Virtual Honeypots is a logical progression from the initial honeypots and KYE books and focuses more on the honeypot than the honeynet. There's such a wide variety of topics discussed that this book is probably best served as a reference after reading it once or twice. I was in awe when I read chapter 7 and specifically the section on the potemkin honeyfarm which apparently has been used to emulate over 64,000 honeypots!

This book presents itself really well and the authors did a fantastic job covering all of the critical and really interesting projects that are out there in the honey(net|pot) world. If you operate a honeynet or honeypots this book is not an option, it simply provides too much information to ignore. Even if you don't operate a honey(net|pot) this book is well worth the money and It's going right on the shelf next to other quick grab reference books.

ArsGeek Review of "Virtual Honeypots"

nospam@example.com (Thorsten Holz) — Tue, 7 Aug 2007 14:41:09 +0200

ArsGeek posted yesterday a review of the book by Niels and me:

Title: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Author(s): Niels Provos & Thorsten Holz
ISBN10: 0-321-33632-1
ISBN13: 978-0-321-33632-1
Publisher: Addison-Wesley
Cost: $49.99
Format: Paperback, 440 pages.
Published: July 16, 2007

Here is a concise, step by step guide to creating virtual honeypots. Honeypots are sweetened servers or services made available to the public where those seeking to compromise systems (either bots, malware or actual human beings taking a gander) can find vulnerabilities and then exploit them. Honeypots serve to either track and collect information about such attacks or serve as literal traps, netting the bad guys and tracing back to their origins.

Topics in the book range from full fledged virtual OS instances to attract malware and wrongdoers, creating low interaction honeypots to simulate single instances of vulnerabilities (rather than an entire system to compromise) to using various pre-packed tools to attract and trap malware, bots and hackers.

Continue reading "ArsGeek Review of "Virtual Honeypots""

Virtual Honeypots

nospam@example.com (Thorsten Holz) — Tue, 31 Jul 2007 02:41:13 +0200

Niels Provos and I have written a book on "Virtual Honeypots: From Botnet Tracking to Intrusion Detection" which was released a couple of days ago. The book deals with high- and low-interaction honeypots and focuses on Honeyd, malware collection, client-side honeypots, botnet tracking, and many more topics. You can order it now in your favorite bookstore, looking forward to your comments :-)

Continue reading "Virtual Honeypots"