Mailinglist Archive

Defeating Honeypots: System Issues, Part 2
by  Thorsten Holz and Frédéric Raynal
last updated April 6, 2005

Introduction

This paper will explain how an attacker typically proceeds in order to 
attack a honeypot for fun and profit. In part one we compared honeypots 
to steganography and then looked at three common techniques for 
virtualizing honeypots. For each of these methods, which included User 
Mode Linux, VMware environments, and chroot/jail environments, we looked 
at weaknesses that lead to their detection. It was made clear that while 
each of these have their advantages, they can all be easily detected by 
an experienced hacker.

http://www.securityfocus.com/infocus/1828?ref=rss