CS Colloquium | March 3, 2005

Honeyd - A Virtual Honeypot Framework

Niels Provos, Google, Mountain View

Stevenson Hall 1300
11:00 AM - 11:50 AM

A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. Deploying a physical honeypot is often time intensive and expensive as different operating systems require specialized hardware and every honeypot requires its own physical system. This talk presents Honeyd, a framework for virtual honeypots that simulates virtual computer systems at the network level. The simulated computer systems appear to run on unallocated network addresses. To deceive network fingerprinting tools, Honeyd simulates the networking stack of different operating systems and can provide arbitrary routing topologies and services for an arbitrary number of virtual systems. This talk discusses Honeyd's design and shows how the Honeyd framework helps in many areas of system security, e.g. detecting and disabling worms, distracting adversaries, or preventing the spread of spam email.