Honeypots: Tracking Hackers


Overview

"The text is comprehensive, an honest survey of every honeypot technology I had ever heard of and a number I read about for the first time."
--Stephen Northcutt, The SANS Institute

"One of the great byproducts of Lance's work with honeypots and honeynets is that he's helped give us a much clearer picture of the hacker in action."
--From the Foreword by Marcus J. Ranum

"From the basics of shrink-wrapped honeypots that catch script kiddies to the detailed architectures of next-generation honeynets for trapping more sophisticated bad guys, this book covers it all....This book really delivers new information and insight about one of the most compelling information security technologies today."
--Ed Skoudis, author of Counter Hack, SANS instructor, and Vice President of Security Strategy for Predictive Systems

Honeypots are unique technological systems specifically designed to be probed, attacked, or compromised by an online attacker. Implementing a honeypot provides you with an unprecedented ability to take the offensive against hackers. Whether used as simple "burglar alarms," incident response systems, or tools for gathering information about hacker motives and tactics, honeypots can add serious firepower to your security arsenal.

Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter™, Honeyd, Homemade honeypots, ManTrap®, and Honeynets.

Honeypots also includes a chapter dedicated to legal issues surrounding honeypot use. Written with the guidance of three legal experts, this section explores issues of privacy, entrapment, and liability. The book also provides an overview of the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen/Trap Statute, with an emphasis on how each applies to honeypots.

With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own. Security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.


Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
The best way to attract Winnie-the-Pooh is also the best way to attract, observe, and understand hackers: a honeypot. Over the past year, interest in honeypots has exploded. Now the field’s No. 1 expert covers all you need to know about them -- from selection to deployment, from management to legal issues.

Lance Spitzner founded the seminal Honeynet Project, moderates the honeypots maillist, and has presented on honeypots at the NSA, the FBI, and the Pentagon. He’s definitely the right author. And this is the right coverage.

Spitzner begins with an honest assessment of the advantages and disadvantages of honeypots (they’re relatively simple to deploy but have a narrow field of view -- and some are susceptible to discovery). Next, he offers chapter-length assessments of four leading honeypots -- Back Officer Friendly, Specter, Honeyd, and Mantrap -- plus a look at rolling your own.

You’ll find invaluable implementation guidance, including where to place honeypots for prevention, detection, response, and research; how to capture the right data; and how to mitigate risks and evade detection. There’s even a full chapter on the legal issues associated with honeypots -- a chapter written with the guidance of the U.S. Justice Department.

--Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.


Product Details

  • ISBN-13: 9780321108951
  • Publisher: Addison-Wesley
  • Publication date: 9/28/2002
  • Edition description: BK&CD-ROM
  • Pages: 452
  • Product dimensions: 7.40 (w) x 9.10 (h) x 1.20 (d)

Meet the Author

Lance Spitzner is a senior security architect for Sun Microsystems, Inc., and an acknowledged authority in security and honeypot research. He is a developer, the moderator of the honeypots mailing list, and an instructor for the SANS honeypot course. He is also the founder of the Honeynet Project, a nonprofit group of thirty security professionals dedicated to Honeynet research and learning the tools, tactics, and motives of blackhats and sharing their lessons learned. Lance has presented data on honeypot technologies to organizations such as the Pentagon, the FBI Academy, the Naval War College, the National Security Agency, West Point, SANS, CanSecWest, and Black Hat Briefings.



Table of Contents

Foreword: Giving the Hackers a Kick Where It Hurts.

Preface.

1. The Sting: My Fascination with Honeypots.

The Lure of Honeypots.

How I Got Started with Honeypots.

Perceptions and Misconceptions of Honeypots.

Summary.

References.

2. The Threat: Tools, Tactics, and Motives of Attackers.

Script Kiddies and Advanced Blackhats.

Everyone Is a Target.

Methods of Attackers.

Targets of Opportunity.

Targets of Choice.

Motives of Attackers.

Adapting and Changing Threats.

Summary.

References.

3. History and Definition of Honeypots.

The History of Honeypots.

Early Publications.

Early Products.

Recent History: Honeypots in Action.

Definitions of Honeypots.

How Honeypots Work.

Two Examples of Honeypots.

Types of Honeypots.

Summary.

References.

4. The Value of Honeypots.

Advantages of Honeypots.

Data Value.

Resources.

Simplicity.

Return on Investment.

Disadvantages of Honeypots.

Narrow Field of View.

Fingerprinting.

Risk.

The Role of Honeypots in Overall Security.

Production Honeypots.

Research Honeypots.

Honeypot Policies.

Summary.

References.

5. Classifying Honeypots by Level of Interaction.

Tradeoffs Between Levels of Interaction.

Low-Interaction Honeypots.

Medium-Interaction Honeypots.

High-Interaction Honeypots.

An Overview of Six Honeypots.

BackOfficer Friendly.

Specter.

Honeyd.

Homemade.

ManTrap.

Honeynets.

Summary.

Reference.

6. BackOfficer Friendly.

Overview of BOF.

The Value of BOF.

How BOF Works.

Installing, Configuring, and Deploying BOF.

Information Gathering and Alerting Capabilities.

Risk Associated with BOF.

Summary.

Tutorial.

Step 1—Installation.

Step 2—Configure.

Step 3—Netstat.

Step 4—Attack System.

Step 5—Review Alerts.

Step 6—Save Alerts.

References.

7. Specter.

Overview of Specter.

The Value of Specter.

How Specter Works.

Installing and Configuring Specter.

Operating System.

Character.

Services.

Intelligence, Traps, Password Types, and Notification.

Additional Options.

Starting the Honeypot.

Deploying and Maintaining Specter.

Information-Gathering and Alerting Capabilities.

Short Mail.

Alert Mail.

Log Analyzer.

Event Log.

Syslog.

Intelligence Gathering.

Risk Associated with Specter.

Summary.

References.

8. Honeyd.

Overview of Honeyd.

Value of Honeyd.

How Honeyd Works.

Blackholing.

ARP Spoofing.

ARP Proxy.

Responding to Attacks.

Installing and Configuring Honeyd.

Deploying and Maintaining Honeyd.

Information Gathering.

Risk Associated with Honeyd.

Summary.

References.

9. Homemade Honeypots.

An Overview of Homemade Honeypots.

Port Monitoring Honeypots.

The Value of Port Monitoring.

How Homemade Port Monitors Work.

Risk Associated with Homemade Port Monitors.

Jailed Environments.

The Value of Jails.

How Jails Work.

Installing and Configuring Jails.

Deploying and Maintaining Jails.

Information Gathering with Jails.

Risk Associated with Jails.

Summary.

References.

10. ManTrap.

Overview of ManTrap.

The Value of ManTrap.

Prevention.

Detection.

Response.

Research.

Nontraditional Applications.

Limitations.

How ManTrap Works.

Adjustments to the Kernel.

How ManTrap Handles the File System.

The Resulting Cages and Their Limitations.

Installing and Configuring ManTrap.

Building the Host System.

iButton and Configuration Options.

Client Administration.

Customizing the Cages.

Deploying and Maintaining ManTrap.

Information Gathering.

Data Capture in Practice: An Example Attack.

Viewing Captured Data.

Data Capture at the Application Level.

File Recovery.

Using a Sniffer with ManTrap.

Using iButton for Data Integrity.

Risk Associated with ManTrap.

Summary.

References.

11. Honeynets.

Overview of Honeynets.

The Value of Honeynets.

Methods, Motives, and Evolving Tools.

Trend Analysis.

Incident Response.

Test Beds.

How Honeynets Work.

Controlling Data.

Capturing Data.

Collecting Data.

Honeynet Architectures.

GenI.

GenII.

Virtual Honeynets.

Sweetening the Honeynet.

Deploying and Maintaining Honeynets.

Information Gathering: An Example Attack.

Risk Associated with Honeynets.

Summary.

References.

12. Implementing Your Honeypot.

Specifying Honeypot Goals.

Selecting a Honeypot.

Interaction Level.

Commercial Versus Homemade Solutions.

Platform.

Determining the Number of Honeypots.

Selecting Locations for Deployment.

Placement for Prevention.

Placement for Detection.

Placement for Response.

Placement for Research.

Implementing Data Capture.

Maximizing the Amount of Data.

Adding Redundancy to Data Capture.

IP Addresses Versus Resolved Names.

Logging and Managing Data.

Using NAT.

NAT and Private Addressing.

The Role of NAT with Honeypots.

Mitigating Risk.

Mitigating Fingerprinting.

Summary.

References.

13. Maintaining Your Honeypot.

Alert Detection.

Reliability of Alerts.

Critical Content.

Prioritizing Alerts.

Archiving.

Response.

Determining Reaction Practices and Roles.

Documenting Reaction Practices.

Remote Access and Data Control.

Data Analysis.

A Simple Scenario: Low-Interaction Honeypots.

A Complex Scenario: High-Interaction Honeypots.

Updates.

Summary.

References.

14. Putting It All Together.

Honeyp.com.

Matching Goals to Honeypot Solutions.

Deploying the Honeypots.

Maintaining the Honeypots.

Surviving and Responding to an Attack.

Honeyp.edu.

Matching Goals to Honeypot Solutions.

Deploying the Honeynet.

Maintaining the Honeynet.

Analyzing Attacks.

Summary.

References.

15. Legal Issues.

Are Honeypots Illegal?

Precedents.

Privacy.

The Fourth Amendment.

Stored Information: The Electronic Communications Privacy Act.

Real-Time Interception of Information: The Wiretap Act and the Pen/Trap Statute.

Entrapment.

Liability.

Summary.

References.

Resources.

16. Future of Honeypots.

From Misunderstanding to Acceptance.

Improving Ease of Use.

Easier Administration.

Prepackaged Solutions.

Closer Integration with Technologies.

Targeting Honeypots for Specific Purposes.

Expanding Research Applications.

Early Warning and Prediction.

Studying Advanced Attackers.

Identifying New Threats.

Deploying in Distributed Environments.

A Final Caveat.

Summary.

References.

Appendix A. BackOfficer Friendly ASCII File of Scans.

Appendix B. Snort Configuration File.

Appendix C. IP Protocols.

Appendix D. Definitions, Requirements, and Standards Document.

Appendix E. Honeynet Logs.

Index.

Preface

It began as an innocent probe. A strange IP address was examining an unused service on my system. In this case, a computer based in Korea was attempting to connect to an RPC service on my computer. There is no reason why anyone would want to access this service, especially someone in Korea. Something was definitely up. Immediately following the probe, my Intrusion Detection System screamed an alert: An exploit had just been launched. My system was under assault! Seconds after the attack, an intruder broke into my computer, executed several commands, and took total control of the system. My computer had just been hacked! I was elated! I could not have been happier.

Welcome to the exciting world of honeypots, where we turn the tables on the bad guys. Most of the security books you read today cover a variety of concepts and technologies, but almost all of them are about keeping blackhats out. This book is different: It is about keeping the bad guys in--about building computers you want to be hacked. Traditionally, security has been purely defensive. There has been little an organization could do to take the initiative and challenge the bad guys. Honeypots change the rules. They are a technology that allows organizations to take the offensive.

Honeypots come in a variety of shapes and sizes--everything from a simple Windows system emulating a few services to an entire network of production systems waiting to be hacked. Honeypots also have a variety of values--everything from a burglar alarm that detects an intruder to a research tool that can be used to study the motives of the blackhat community. Honeypots are unique in that they are not a single tool that solves a specific problem. Instead, they are a highly flexible technology that can fulfill a variety of different roles. It is up to you how you want to use and deploy these technologies.

In this book, we explain what a honeypot is, how it works, and the different values this unique technology can have. We then go into detail on six different honeypot technologies. We explain one step at a time how these honeypot solutions work, discuss their advantages and disadvantages, and show you what a real attack looks like to each honeypot. Finally, we cover deployment and maintenance issues of honeypots. The goal of this book is not to just give you an understanding of honeypot concepts and architecture but to provide you with the skills and experience to deploy the best honeypot solutions for your environment. The examples in the book are based on real-world experiences, and almost all of the attacks discussed actually happened. You will see the blackhat community at their best, and some of them at their worst. Best of all, you will arm yourself with the skills and knowledge to track these attackers and learn about them on your own.

I have been using honeypots for many years, and I find them absolutely fascinating. They are an exciting technology that not only teaches you a great deal about blackhats but also teaches you about yourself and security in general. I hope you enjoy this book as much as I have enjoyed writing and learning about honeypot technologies.

Audience

This book is intended for the security professional. Anyone involved in protecting or securing computer resources will find this resource valuable. It is the first publication dedicated to honeypot technologies, a tool that more and more computer security professionals will want to take advantage of once they understand its power and flexibility.

Due to honeypots' unique capabilities, other individuals and organizations will be extremely interested in this book. Military organizations can apply these technologies to Cyberwarfare. Universities and security research organizations will find tremendous value in the material concerning research honeypots. Intelligence organizations can apply this book to intelligence and counterintelligence activities. Members of law enforcement can use this material for the capturing of criminal activities. Legal professionals will find Chapter 15 to be one of the first definitive resources concerning the legal issues of honeypots.

CD-ROM

A CD-ROM accompanies this book and contains additional information related to the topics in the book. It includes everything from whitepapers and source code to actual evaluation copies of software and data captures of real attacks. This will give you the hands-on opportunity to develop your skills with honeypot technologies.

Web Site

This book has a Web site dedicated to it. The purpose of the Web site is to keep this material updated. If any discrepancies or mistakes are found in the book, the Web site will have updates and corrections. For example, if any of the URLs in the book have been changed or removed, the Web site will provide the updated links. Also, new technologies are always being developed and deployed. You should periodically visit the Web site to stay current with the latest in honeypot technologies.
http://www.tracking-hackers.com/book/

References

Each chapter ends with a references section. The purpose is to provide you with resources to gain additional information about topics discussed in the book. Examples of references include Web sites that focus on securing operating systems and books that specialize in forensic analysis.

About the Author

Lance Spitzner is a geek who constantly plays with computers, especially network security. He loves security because it is a constantly changing environment. His love for tactics first began in the U.S. Army, where he served both as an enlisted infantryman in the National Guard and as an armor officer in the Rapid Deployment Force. Following the Army he received his graduate degree and became involved in the world of information security. Now he fights the enemy with IPv4 packets instead of 120mm SABOT rounds.

His passion is researching honeypot technologies and using them to learn more about the bad guys. He is also actively involved with the security community. He is founder of the Honeynet Project, moderator of the honeypot mail list, coauthor of Know Your Enemy, and author of several whitepapers. He has also spoken at various conferences and organizations, including Blackhat, SANS, CanSecWest, the Pentagon, the FBI Academy, West Point, National Security Agency, and Navy War College. He is a senior security architect for Sun Microsystems Inc.


Customer Reviews

  • Anonymous

    Posted June 12, 2003

    A default installation of Red Hat Linux is compromised in less than 72 hours

    A 'honeypot' is essentially a system whose sole purpose is to allow black hat hackers and 'script kiddies' (i.e., computer novices reliant on ready-made scripts that automate the process of locating and breaking into vulnerable remote systems) to probe, attack, or compromise a computer or network. As the author explains it, a honeypot can be used to deter, detect or capture/analyze these unauthorized system intrusions. Honeypots may also be used as early indication and warning sensors to alert administrators to an unwanted break-in or security breach. Additionally, within a research environment, honeypots can effectively capture intruders' keystrokes and the toolkits they use to compromise these systems. While Lance Spitzner's book contains a great deal of useful information on the subject of honeypots (and honeynets--their network analogues), I found much of the book's content both redundant and unnecessarily wordy. Honeypots Tracking Hackers would have been a great book at half the size. As it is, it's a good resource for security-minded individuals who have the time and patience to cull out the useful gems within its covers.
