Changes between Initial Version and Version 1 of FAQ

01/19/08 23:50:57 (11 years ago)



== HoneyC FAQ ==

'''Under what license is HoneyC written and distributed?'''

The GNU General Public License.

'''How do client honeypots differ from traditional honeypots?'''

Traditional honeypots passively wait to be probed, attacked, and compromised. These honeypots can capture active attacks, such as worms. Client honeypots reverse this situation: instead of passively waiting to be attacked, they actively crawl the web in search of servers that exploit the client as part of the server response.

'''What other open-source client honeypots exist?'''

Honeyclient at :

and Capture at :

'''How does HoneyC differ from !HoneyClient or Capture?'''

!HoneyClient and Capture crawl the web with a real browser (Internet Explorer) and analyze for exploits based on the state of the OS. As such, they are classified as high interaction client honeypots. HoneyC, on the other hand, uses emulated clients (e.g. wget to emulate Internet Explorer) and an analysis engine that might use an algorithm other than OS state inspection (e.g. signature matching). As such, HoneyC is classified as a low interaction client honeypot.

'''What is the Visitor component?'''

The Visitor is the component responsible for interacting with the server. The Visitor usually makes a request to the server, then consumes and processes the response. With version 1.0.0, HoneyC contains a web browser visitor component that visits web servers.

'''What is the Queuer component?'''

The Queuer is the component responsible for creating a queue of servers for the Visitor to interact with. The Queuer can employ several algorithms to create the queue of servers, such as crawling, scanning, or utilizing search engines. With version 1.0.0, HoneyC contains a Yahoo search queuer that creates a list of servers by querying the Yahoo Search API. A simple list queuer, added in version 1.1.2, allows a list of server requests to be set statically and put into the queue.

'''What is the Analysis Engine?'''

The Analysis Engine is the component responsible for evaluating whether the security policy has been violated after the Visitor has interacted with the server. This can be done by inspecting the state of the environment, analyzing the response based on signatures or heuristics, etc. With version 1.0.0, HoneyC contains a simple analysis engine that generates snort fast alerts based on snort signature matching against web server responses.
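
The Queuer, Visitor and Analysis Engine flow described in the three answers above, as an added Ruby sketch that is not HoneyC's own code. The class names, signatures, URLs and canned responses are all constructed for this example, and the alert line is a simplified fast-alert-style layout.

```ruby
# Constructed server responses keyed by URL, so the example runs offline.
CANNED_RESPONSES = {
  "http://benign.example/" => "<html><body>Hello</body></html>",
  "http://framed.example/" => '<html><iframe src="http://x.example/a" width=0 height=0></iframe></html>',
  "http://packed.example/" => "<script>document.write(unescape('%3Cb%3Ehi%3C/b%3E'))</script>"
}.freeze

# Hypothetical content signatures (sid, message, pattern), not real Snort rules.
SIGNATURES = [
  { sid: 1_000_001, msg: "zero-size iframe in response", pattern: /<iframe[^>]*width=0[^>]*height=0/i },
  { sid: 1_000_002, msg: "unescape() call in response",  pattern: /unescape\s*\(/i }
].freeze

# Queuer: produces the queue of server requests (here from a static list).
class ListQueuer
  def initialize(urls)
    @urls = urls
  end

  def queue
    @urls.uniq
  end
end

# Visitor: makes the request and hands back the response for analysis.
class CannedVisitor
  def visit(url)
    { url: url, body: CANNED_RESPONSES.fetch(url, "") }
  end
end

# Analysis Engine: signature matching over the response body; one alert
# line per matching signature, laid out like a simplified Snort fast alert.
class SignatureEngine
  def analyze(response)
    SIGNATURES.select { |sig| sig[:pattern].match?(response[:body]) }.map do |sig|
      "[**] [1:#{sig[:sid]}:1] #{sig[:msg]} [**] #{response[:url]}"
    end
  end
end

# Wire the three components together and collect every alert.
def run_pipeline(urls)
  visitor = CannedVisitor.new
  engine = SignatureEngine.new
  ListQueuer.new(urls).queue.flat_map { |url| engine.analyze(visitor.visit(url)) }
end

puts run_pipeline(CANNED_RESPONSES.keys)
```

Because the engine only sees the response body, a page that needs a real browser to trigger its behaviour produces no alert here, which is the trade-off of the low interaction approach described earlier.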

'''When was the HoneyC project started?'''

July 2006