M. Dornseif, F. C. Gärtner, T. Holz
December 14, 2007
ABSTRACT Honeypots are electronic bait, i.e. network resources (computers, routers, switches, etc.) deployed to be probed, attacked and compromised. Honeypots run special software which permanently collects data about the system and greatly aids in post-incident computer and network forensics. Several honeypots can be assembled into networks of honeypots called honeynets. Because of the wealth of data collected through them, honeynets are considered a useful tool to learn more about attack patterns and attacker behavior in real networks. This paper explains the motivation for using the honeynet methodology and describes experiences with a honeynet at RWTH Aachen University. In analyzing the data collected through our experiment, we discuss the value of honeynets for computer vulnerability assessment. The paper also gives an overview over ethical and legal aspects of honeypots and a look on possible directions for further research.