Using Honeypots to Fight Worms
scubacuda writes "Laurent Oudot, an active member of the French Honeynet Project (part of the Honeynet Alliance), has written a paper evaluating the usefulness of using honeypots in fighting Internet worms. (Imagine a well-constructed honeypot framework capturing a worm, redirecting worm traffic to fake services, and launching counter attacks to clean infected hosts!)"
And here I thought they only caught bears named Poo.
Imagine a well-constructed honeypot framework capturing a worm, redirecting worm traffic to fake services, and launching counter attacks to clean infected hosts
Yeah, the honeypot could proactively install patches to systems that it deemed infected, all around the world!
Sounds like Skynet. Run for the hills!
Whoever fights with monsters should take care that he does not become a monster in the process. --Nietzsche
When using your honeypot at the campgrounds, always practice safety.
Surround your honeypot with rocks to keep the fire from spreading. Be sure when you're done with your honeypot to put it out with a bucket of water and make sure it has stopped smoking before you leave the area.
Remember what Smokey the Bear says. Only you can prevent your honeypot from starting a forest fire.
My girlfriend has worms in her honeypot. Thank goodness for vaginal creams!
On top of this you are definitely on crack if you think that "launching counter attacks to clean infected hosts!" is a) a good idea or b) legal.
What if it's a tool that you have deployed in your network, and it just so happens that the honeypot is a little bit misconfigured, allowing it to respond to all hosts that attempt to infect it?
How is this then different from desktops that are poorly written/designed or misconfigured allowing them to spread viruses on the internet?
The purpose of the tool (virus prone desktop vs. honeypot) is a bit different, but the end result is the same (a 3rd party's computer is modified without their permission). What makes the user of the desktop more defensible than the user of the honeypot?