4

From what I have read about Greynet is, when we are talking about greynet, we are simply placing darknet inside network to monitor if someone is performing network scanning inside our network.

These are the photos that I found for Greynet implementation,

enter image description here

Source: Greynet and Darknet

Now, If I talk about honeypots, and as far as I understand, they are kind of a same thing. We place fake virtual hosts in our network to monitor if someone is performing any sort of network scanning.

So, what make honeypots and greynet different from each other ?

enter image description here

Riley Willow
  • 1,129
  • 9
  • 10

1 Answers1

6

The difference between a honeypot and a greynet is in the level of realism and interaction that they present and also the type of network element they present. A honeypot such as Honeyd will typically present a greater level of realism than a greynet since it could really act like a host would. Different ports open, OS faking etc that accommodates a greater interaction with the potential attacker. A greynet will simply be an available range of IPs than should receive no traffic and will offer very little interaction to the attacker. The admin knows there should be no traffic on that IP and thus knows there is either a misconfiguration in the network or a malicious entity at work. In summary

A honeypot is typically:

  • A single IP on a network representing one host
  • Can offer a great level of interaction to the attacker

A greynet:

  • Is a collection of IPs on a network
  • Can offer limited interaction with the attacker but not to the extent of a honeypot

If you would like to know more on how greynets fits into the field of network telescopes and network monitoring I suggest you read Section 2.5 of Professor Barry Irwin's work PhD thesis. He presents a small taxonomy of the different types of network telescopes such as darknets, dimnets, greynets, black-holes and sinks.

It is available here: http://www.researchgate.net/publication/265121255_A_framework_for_the_application_of_network_telescope_sensors_in_a_global_IP_network

Please bear in mind that my answer is based on normal interpretation of the terminology. Someone can implement honeypots on each node in their greynet or customise their greynet with additional functionality.

Joe
  • 1,214
  • 1
  • 11
  • 16