NoSEBrEaK - Attacking Honeynets

Maximillian Dornseif, Thorsten Holz, Christian N. Klein

IEEE Information Assurance Workshop (IAW), West Point, NY, June 2004


Abstract

It is usually assumed that honeynets are hard to detect and that attempts to detect or disable them can be unconditionally monitored. We scrutinize this assumption and demonstrate a method how a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place.

[pdf]

Tags: honeynet, honeypots