Chapter 5: Honeypotting > Detecting the Attack - Pg. 130

Detecting the Attack

While honeypots and honeynets can be a pretty fun and interesting undertaking, at the end of the day the entire project is nothing more than a geek exercise if you don't have a means to detect the attack. In a lot of ways a honeypot is a learning exercise in a safe and controlled environment. A well-implemented honeypot will provide a tremendous amount of insight and information with regard to how attacks are executed, what compromises are being performed, and what the impact of the attack is. If you are unfortunate enough that a real attack occurs on your production environment, you know where and what to look for to restore functionality and security.

Intrusion Detection

Honeypots are a great way of luring attackers and automated malware away from your production systems; however, there needs to be a way of being aware of when somebody or something is actively trying to break into your honeypot, and, even better, how many times they've tried to do it. This is especially important if you're running a high interaction honeypot as you need to monitor the compromise and