

peterca

@bethere.co.uk

question about honeypots

Do you guys think that a comparison of wireless vs wired honeypot technology is a good topic for a research paper for school?


Uncle Paul

join:2003-02-04
USA
kudos:1

I believe you would want to start with the premise of why you want to deploy the honeypot. I could see it being a decent paper. What level of school?



peterca

@bethere.co.uk

For the university, and it has to be some kind of comparison. I could go with low vs high interaction honeypots but would like to do wired vs wireless. The only thing is whether I'll be able to compare it. Could I compare based on deception methods, purpose, installation, configuration? Will there be enough differences to compare?



Uncle Paul

join:2003-02-04
USA
kudos:1

1 edit

I believe you would start with why the honeypots are being deployed as honeypots in general can be a controversial item with the IA community. What do you wish to gain from it? You don't just deploy a honeypot just to have one.

Then what kind of honeypot are we talking about? A system/device that is providing computing services or just an open access point?

*Edit for spelling.



peterca

@bethere.co.uk

I am studying Information Security and need to do a project; the gain would be a comparison paper on wired vs wireless honeypot technology. I've seen a lot of papers about honeypots but nothing on this type of comparison. Then I would like to do some simple tests on those 2 honeypot technologies and how they react to them (in a virtual environment), e.g. scanning, simple attack methods.

I am asking about this because I'm not sure if that could be a successful project?

Btw, thank you so much for your reply.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ

It's like comparing oranges and grapefruits.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:7

.. which, of course, is a useful thing to do if you're writing something about citrus crops.

(i.e., I don't think the OP's premise is invalid per se)



EGeezer
Summertime
Premium
join:2002-08-04
Midwest
kudos:7

reply to peterca
I'm not a honeypot expert, but it seems that some attack vectors and methods would vary from wired infrastructure. For example, attacks against WPA-2, RADIUS, injecting certificates, MITM, etc. when connecting wirelessly would be possibilities.

I recall seeing a honeynet paper on the subject of wireless honeyspots, found it -

»honeynet.org.es/papers/honeyspot···1217.pdf

It may give you some ideas - or raise questions that you might answer in your project.

You might also contact Lance Spitzner at honeynet.org and see what he thinks about doing such a project.

SANS.org's reading room may also be helpful.



Uncle Paul

join:2003-02-04
USA
kudos:1

reply to dave
Nor do I, but to compare an open access point as a honeypot to specific services running on Honeyd might be more work. Now if you are looking at running Honeyd on a wired network vs behind an open access point, that may be different.

Typically when you deploy a honeypot you're looking to watch traffic to tune H/NIDSs or firewalls. To this end I believe a statement to frame the paper on why the honeypot is being deployed (and I believe both would need to be deployed under the same reasons) would be required prior to talking about configuration and such as the configuration would need to be validated against the reason it's there to begin with.



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

reply to AVD

said by AVD:

It's like comparing oranges and grapefruits.

I'm thinking it's more like comparing oranges and bowling balls, but perhaps that is what would make the comparison valid. The nature of attack is very much different between wired and wireless systems, mostly based on the concept of proximity, which changes almost everything and hence could make it an interesting comparison, as the differences are huge and in fact might be too large for a single paper, so you might want to cut it down a bit.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


peterca

@bethere.co.uk

Thank you all for the help.

I had a chat with Lance Spitzner and according to him it is a good idea, since there is a lot of research being done in the field of mobile/wireless honeypots.

If you guys have any good comparison points for me I would really appreciate that.

Thanks again.



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:1

said by peterca:

If you guys have any good comparison points for me I would really appreciate that.

I think a contrasting report would fit better w/ the options.

These points assume basic competency in networking and a dedicated PC to serve for the honeypot.

• Wireless Pro: Lends itself to a standalone network - safest config
No additional internet connection or IP address required
Cheap DD-WRT compatible AP can add some easy to config options
Potential for visual observation of people trying to gain access

• Wireless Con: Not suited for low population areas
Less potential for hacksess than internet connection
May have to compete for signal space
Some risk of hacker determining physical location of device
Environment (time, weather) may limit your overall traffic

• Wired Pro: Biggest digital miscreant pool on Earth
Unwitting gleaners may harvest and distribute your IP as low hanging fruit
More choices of Honeypot types - ie: eCommerce site, Email Server
You're hit around the clock
You can bait people to your IP by trolling - especially via email

• Wired Con: Some IP blocks are more visible than others. You may be stuck w/ what your ISP has to give you
For safest config you'd want a separate IP and/or internet connection
More traffic may increase your liability for criminal activity

Obviously these are generalizations. Each has any number of exceptions.

Good luck with it.
--
Adopting other people's animosity is The New Stupid.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ

Why can't you put a honeypot on an internet-connected WAN with a wireless AP connected to it? Then you get the pros of both.



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:1

said by AVD:

Why can't you put a honeypot on an internet-connected WAN with a wireless AP connected to it? Then you get the pros of both.

No reason. It's an intellectual exercise to examine the possibilities - so we are.
--
Adopting other people's animosity is The New Stupid.
