Thursday, March 08, 2007

A New Spin on Honeynets

Darknets, honeynets: When do you use one or the other? A darknet, allocated but unused IP address space that ISPs and large enterprises have in reserve, is increasingly becoming a useful tool for catching attacks early.

“With a darknet, you listen for attack and connection attempts,” says Adam O’Donnell, senior research scientist with Cloudmark Inc. “There are lower maintenance requirements [than with a honeynet] because you don’t have to maintain a real piece of server hardware or virtual hardware.”

“Darknets are there to collect large network captures. They can deduce DDOS, DOS, and botnet threats a lot faster and more completely because a honeynet in theory is just one POP [point of presence],” says Ralph Logan, partner with the Logan Group and vice president of The Honeynet Project.