| In the past several years, honeypots have emerged as one of the techniques taking the initiative to defend against hackers. Honeypots present the dedicated application system intended to be attacked, so we can conveniently record the hackers' activities, know attack methodologies, and recognize potential threats.The main purpose of this paper is to systematically research of honeypots. Honeypots provide an effective approach to deeply know the hackers. When using honeypots, there are also several side effects, which can improve an organization's network security. The paper emphatically states the implementing techniques of honeypots, including camouflage, data capture, risk control, and data analysis.The author designs and implements a honeypot, which contains a new data capture method. The file access in honeypots can expose a lot of information, but is difficult to capture. The author sets up a diskless honeypot in chroot environment, and relates the system root directory to chroot directory with NFS, so in such a honeypot, the hackers' file access will be recorded by means of capturing network packets.With the honeypot, the author conducts experiments on the Internet, and gathers a lot of hacker activity information. In the upgrading process of honeypot experiments, practical analysis methods are developed, which facilitate finding hackers who have broken into the honeypot. The paper exhibits several attack cases, which provide a partial but impressive view of the cyber attacks and modus operandi of hackers.The vulnerability is inevitable, and network security always in the face of threats, so there are always opportunities for honeypots that can recognize potential threats. But honeypots are applicable for a certain conditions, and the essential benefit can be achieved only when the requisite technique, manpower, time, equipment and goals are in existence. |
PDF Full Text Request