Physical vs. Virtual Honeypots:
Typical physical honeypot
Three physical machines
Careful configuration of all three machines
root can interfere with networking and logging
Here are the disadvantages of this setup.
It's logistically complicated, requiring three boxes.
You need to set up a private network so that the only access to it is through the gateway machine.
You need to be very careful about configuring them to minimize the chances of an intruder using the honeypot as a platform for attacking the other boxes.
If the intruder gains root access on the honeypot, which you would expect, then he can interfere with the local net and logging by killing daemons, shutting down interfaces, or filtering network traffic leaving the honeypot.