Capture - High Interaction Client Honeypot
Monday, December 11. 2006
Some researchers from Victoria University of Wellington, NZ, have released an initial version of "Capture - A Honeypot Client". This is a high-interaction client-side honeypot that tries to find malicious web sites. It consits of a server part which controlls several client, which actually crawl the Web and search for malicious sites. Everything is based on VMware in order to have a fast way to reset an infected machine. Sounds like an interesting approach - I'll give it a try once I have some hardware available :-)
About:
Only a few high interaction client honeypot clients are available today. Capture differs from existing client honeypots in various ways. First, it is designed to be fast. State changes are being detected using an event based model allowing to react to state changes as they occur. Second, Capture is designed to be scalable. A central Capture server is able to control numerous clients across a network. Third, Capture is suppose to be a framework that allows to utilize different clients. The intitial version of Capture supports Internet Explorer, but additional clients will be supported with upcoming versions of Capture.
taken from http://capture-hpc.sourceforge.net/index.php?n=Main.About
About:
Only a few high interaction client honeypot clients are available today. Capture differs from existing client honeypots in various ways. First, it is designed to be fast. State changes are being detected using an event based model allowing to react to state changes as they occur. Second, Capture is designed to be scalable. A central Capture server is able to control numerous clients across a network. Third, Capture is suppose to be a framework that allows to utilize different clients. The intitial version of Capture supports Internet Explorer, but additional clients will be supported with upcoming versions of Capture.
taken from http://capture-hpc.sourceforge.net/index.php?n=Main.About
".
