4

If honeypots are designed for a specific set of exploits, such as SQL injection and XSS, how do they protect themselves against other exploits? For instance, if I created a honeypot a few months ago, and still had it running, would it be safe from shellshock? If so, how?

Dylan Katz

2 Answers

3

They're just as vulnerable as any other software would be to a vulnerability, so to your specific question it would be just as vulnerable. Remember though that in the case of shellshock the honeypot would have to be passing input to a bash shell to be vulnerable. Of course, if another component on the system is vulnerable, the honeypot could still be compromised using another vector.

The only difference between a honeypot and other software is that a honeypot is designed to be attacked, so they often put strict controls around whatever mechanism they use to capture malware, exploits, etc. It's unlikely that a honeypot would pass input to a bash shell given that it's known to be risky, but anything's possible.

theterribletrivium
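
An added illustration of the point in the answer above that a honeypot is exposed to Shellshock only if it passes input to bash (this is not part of the original answer or of any honeypot project's code): a capture hook that keeps request headers as inert data and flags values shaped like a bash function definition. The function name `record_request`, the sample headers and the IP addresses are constructed for this example.

```python
import json
import re

# Shellshock probes put a bash function-definition prefix, "() {", at the start
# of a value that a CGI-style server would export as an environment variable.
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\)\s*\{")
MAX_VALUE_LEN = 2048  # cap stored input so a single probe cannot bloat the log


def record_request(headers, source_ip):
    """Return one JSON log line for a captured request (hypothetical hook).

    Header values are only inspected and stored. They are never written to
    os.environ, passed to subprocess, or interpolated into a shell command,
    so this code path gives attacker input no route to bash.
    """
    flagged = []
    stored = {}
    for name, value in headers.items():
        if FUNC_DEF_PREFIX.search(value):
            flagged.append(name)
        stored[name] = value[:MAX_VALUE_LEN]
    entry = {
        "src": source_ip,
        "shellshock_probe": bool(flagged),
        "flagged_headers": sorted(flagged),
        "headers": stored,
    }
    # json.dumps escapes newlines and control characters, so attacker-supplied
    # values cannot forge extra log lines.
    return json.dumps(entry, sort_keys=True)


# Constructed sample requests (not captured traffic).
SAMPLE_BENIGN = {"User-Agent": "Mozilla/5.0", "Accept": "*/*"}
SAMPLE_PROBE = {
    "User-Agent": "() { :; }; echo probe",
    "Accept": "*/*",
    "X-Note": "line1\nline2",
}

if __name__ == "__main__":
    print(record_request(SAMPLE_BENIGN, "192.0.2.10"))
    print(record_request(SAMPLE_PROBE, "192.0.2.11"))
```
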
2

Any software needs to be maintained. Honeypots are no exception.

Because honeypots are designed to be probed and hacked, they need to be placed in a separate and secured environment with the understanding that they may be completely overtaken.

Make sure the servers that honeypots are running on are part of your regular patch management process, and make sure to update the honeypot software itself regularly. Place the honeypot in a sandbox environment, and be prepared to nuke the honeypot from orbit and re-image on a regular basis (perhaps daily?).

schroeder