An overview of several honeypots and their respective applications, their level of involvement, and demonstrated value to date are provided in Table 1 below.

Table 1.

Types of honeypots by level of involvement.

Honeypot Name/Type

Description

BackOfficer Friendly

BOF (as it is commonly called) is a very simple but highly useful honeypot developed by Marcus Ranum et al. At NFR. It is an excellent example of a low involvement honeypot. BOF is a program that runs on most window-based operating systems. All it can do is emulate some basic services, such as http, ftp, telnet, mail, or Back Orifice. Whenever someone attempts to connect to one of these ports, BOF is listening and will then log the attempt. BOF also has the option of "faking replies," which gives the attacker something to connect to.

Specter

Specter is a commercial product and what I would call another 'low involvement' production honeypot....
[ View Full Essay]