Network Security Library

GenII Data Control for Honeynets: Understanding and Building Snort-Inline Data Control


03/22/2004



Data control is a must if you are running high-interaction honeypots. The purpose of data control is to protect us from upstream liability. As we learned from reading this paper, data control is something of a skill that can only be learned through real-world experience. GenI data control's alert.sh script is easy to deploy and configure, making it perfect for those just getting started with high-interaction honeypots. The limitation of GenI data control is that it operates one notch up in the stack, at Layer 3, making it easier for our enemy to detect. Also, GenI data control only works in connection-limit mode. GenII data control operates at Layer 2, making it difficult to detect, and offers us more options to capture our enemy's motives, tools, and tactics. We can build our GenII data control system for connection limiting, or we can QUEUE-enable the packets for Snort, where a verdict can be set to determine the fate of each packet based on how the Snort signatures are implemented.

Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
