Turning the tables: Loadable Kernel Module Rootkits deployed in a honeypot environment

Honeypots are one of the latest technologies available to track and monitor hackers and Internet attackers. They can be generally divided into two different areas, production and research honeypots. Honeypots can also be classified by the amount of system interaction they provide to an attacker and therefore the risk that is involved. First, a very simple, low interaction, low risk honeypot, Back Officer Friendly, is discussed and tested. Next, a new generation of honeypot techniques are discussed, utilizing the advantages of loadable kernel modules for tracking hackers. Finally, and overview of the sebek honeypot system will be discussed focusing on the functionality, advantages and disadvantages of such a system.