Virtual honeypots: Tracking botnets

As a security device, virtual honeypots are as effective as traditional honeypots but easier to build, deploy and maintain. In this book excerpt from Addison-Wesley, you'll learn about the danger of botnets and how honeypots can help you track down and eliminate threats.

In Chapter 11 of Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz, learn how to use virtual honeypots to track botnets and other malware in your clients' systems. The book will help you understand what botnets are and how they are detected. Learn to defend your clients' computers using these botnet trackers.

In this chapter we discuss how honeypots can be used in the real world to learn about threats. We will start by showing you what can be learned about threats such as malware and botnets -- networks of compromised machines that can be remotely controlled by an attacker. Botnets can cause much harm in today's Internet. For example, they are often used to mount Distributed Denial of Service (DDoS) attacks or to send out spam or phishing mails. Moreover, botnets can be used for mass identity theft or other abuses of the compromised machines.


Honeypots allow us to learn more about this threat. We can use the tools introduced in the previous chapters combined with some other tools to study botnets in detail. In this chapter, we introduce the underlying methodology and present our results based on real-world data. We first describe what bots and botnets are and then introduce a methodology to track botnets. Based on the collected data, we give an overview of common attack techniques seen in the wild. We conclude this chapter with a brief overview of several ways for botnet mitigation.

About the book:   

Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there's a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system, making them easier and cheaper to build, deploy, and maintain.

In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you'll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you've never deployed a honeypot before. Purchase Virtual Honeypots: From Botnet Tracking to Intrusion Detection from Addison-Wesley Publishing.

About the authors:   

Niels Provos is a senior staff engineer at Google. He developed Honeyd, an open source virtual honeypot that won the Tops in Innovation award from Network World, and is one of the cocreators of OpenSSH. Provos holds a degree in mathematics from the University of Hamburg and a Ph.D. in computer science and engineering from the University of Michigan.

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. He regularly blogs at
