| Network is a Double-edged sword, it brings people great convenience in living and studying as well as the security threats. In the war with attackers, people must get in-depth knowledge of the behaviour of the attackers to seize the initiative and suppress actively instead of defense passively.Traditional detection methods have many disadvantages in detecting and capturing attack sample. Honeypot is a powerful technical different with any other detection method in detecting and intelligence gathering. The paper introduces how to build a Honeypot Farms System aimed at attack sample capturing in the large distributed network. Look at the whole picture, collect attackers'information widely, get a comprehensive knowledge of attackers'target,method,exploit,propagation, etc.Firstly, it introduces several popular network security tools based on Honeypots. Then, in chapter 2, it introduces the basic principle of Honeypot and Honeynet, and takes the Genâ…˘Honeynet gateway of the Honeynet Project for example to analyze the key technical of Honeynet and visual Honeynet, at last it introduces the principle of Honeypot Farms. In chapter 3, it proposes the architecture of Honeypot Farms aimed at attack sample capturing, which borrowed the research result home and abroad. Analyzes and discusses the key technical of the system, proposes a new redirection method between IPs that under control and Honeypots. In chapter 4 ,it gives the realization of the system, and gives a detailed introduction of some key technical, such as packet delivering, attached packet, network address translation, etc. Finally, it gives the test results of the system with two testing cases, gives the systems modeling using the Queuing Theory, analyzes the relationships of the system parameters, which provide theory introduction in deployment of the system in practice. |
PDF Full Text Request