Client Honeypots
These are honeypots that initiate connections to a server. These are designed to identify and capture information on threats to client based applications (such as a browser or email)
The NZ Honeynet Alliance has released two client honeypot implementations:
- Capture-HPC is a high-interaction client honeypot framework. Capture-HPC identifies malicious servers by interacting with potentially malicious servers
using a dedicated virtual machine and observing its system for unauthorized
state changes. - HoneyC is a low interaction client honeypot framework that allows to find malicious servers on a network. Instead of using a fully functional operating system and client to perform this task, HoneyC uses emulated clients that are able to solicit as much of a response from a server that is necessary for
analysis of malicious content.
This work is licensed under a Creative Commons License