Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Anti-Honeypot Technology

Thorsten Holz
Chaos Communication Congress 21th (21C3) 2004
Indexed on
Mar 27, 2013
File name
File size
57.6 MB

Current Honeypot-based tools have a huge disadvantage: Attackers can detect honeypots with simple techniques and are to some extent also able to circumvent and disable the logging mechanisms. On the basis of some examples, we will show methods for attackers to play with honeypots. Honeypots / Honeynets are one of the more recent toys in the white-hat arsenal. These tools are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. The talk sheds some light on how attackers usually behave when they want to defeat honeypots. We will encompass the process of identifying and circumventing current honeypot technology and demonstrate several ways to achieve this. The focus will be on Sebek-based honeypots, but we will also show some ways how to accomplish similar results on different honeypot-architectures. Upon completion of this lecture, the attendees will have some insight in the limitations of current honeypot technology. Individuals or organization that would like to setup or harden their own lines of deception-based defense with the help of honeypots will see some constraints on the reliability and stealthiness of honeypots. On the other side, people with more offensive mindsets will get several ideas on how to identify and exploit honeypots.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !