Laurent Oudot 's Fighting Internet Worms With Honeypots evaluates the use of honeypots in defending against worms, including the daemon Honeyd. His conclusion:
Posted at October 28, 2003 03:14 PMTechnologies from the honeypot domain become an interesting card to play in the fight against Internet worms. They can be used to redirect evil worm traffic to dedicated fake services, safely catch the worms and analyze their behavior, and finally limit their propagation through networks.
These young technologies are therefore very promising, though they probably still suffer of a lack of testing experience when used over wide networks.
In case of attacks coming from a very hostile worm (black worms) that can kill or pester the targets, and can protect themselves or understand if they are deluded, the use of honeypots may be rather limited without a strong technical analysis to understand what is done by the worm and how to play with it. By our luck, so far none of the known Internet worms have been so violent.
Without becoming the principal key allowing total lockdown of computer architectures, honeypots are a valuable additional means in the fight against the Internet worms.
This discussion has been closed. No more comments may be added.