Physical vs. Virtual Honeypots:
Virtual honeypots
One physical host
Network traffic goes through host
Logging goes out to host
- can be done in such a way that root can't interfere
The actual honeypot can be distributed on a CD
Notes:
Here are the advantages of virtual honeypots:
It's logistically a lot simpler, since it requires a single physical machine, which can be one that's already lying around.
The host is a natural gateway, since all network traffic has to pass through it anyway.
Logging is done directly to the host rather than over the network. Later, there is a description of a mechanism to do logging in such a way that root inside the honeypot can't interfere with it, or even detect it.
The honeypot can be distributed on a CD rather than a pallet.