Photo by Iqro Rinaldi on Unsplash

Slow Down Attackers with Endlessh

Mired

Article from ADMIN 91/2026
By
Divert SSH clients for hours with the Endlessh tarpit, a special form of honeypot that can mitigate the damage caused by attackers on your network.

The honeypot strategy is well known outside the security community and is often used to defend corporate networks, while tarpits lead more of a wallflower existence. This article investigates what you can achieve with the Endlessh tarpit and how to use it to mitigate the damage caused by attackers on your network.

Honeypots

Honeypots are systems set up to be deliberately vulnerable, emulate common services, and draw the attacker's attention to the network, allowing the attacker's behavior to be analyzed for information about their methods and tools. Honeypots can be used as an early warning system and help you understand any new methods an attacker uses.

Ideally, honeypots offer a semi-automated approach to protecting the production systems on your network. A number of variants are described in various how-tos, ranging from low-interaction honeypots, the kind that accept new connections on a network but do not provide any services behind them, to high-interaction honeypots that simulate entire systems and production environments.

Depending on the interaction capabilities of a honeypot, an attacker is bound to discover it sooner or later, and once the honeypot is exposed, the attacker will move on to the next target. In other words, although honeypots can help you gain a better understanding of attacks, they do not prevent an attacker from actively traversing the network.

Tarpits, not dissimilar to honeypots, go beyond simply collecting information about an attack. Besides luring attackers into a monitored environment, the goal is also to slow the attack down and, in a best-case scenario, help them run into a brick wall. Instead of giving an attacker real-time clues that they are in a controlled environment – as is often the case with classic honeypots – a tarpit ensures that the attacker wastes valuable time on pointless operations, giving your defense team time to

...