The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Software, Malware, Definition

High-interaction honeypot

Revision as of 03:13, 28 November 2011 by Mdscott (talk | contribs) (Adding categories)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Edit

Definition[]

High-interaction honeypots use a Microsoft operating system as a virtual operating system, which is actually infected. The system is reset at regular intervals and various types of malware, such as the entire bot program that is downloaded after infection can be captured. They record the times, communication protocols, source IP, source port, destination IP, destination port, file sizes, SHA-1 hash, file names, and directory names. They can also identify the users of the attacking bot-infested PCs.[1]

References[]

  1. The Fight Against the Threat from Botnets, at 11 n.2.
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement