top | item 42516178

(no title)

Yea, thinking about it for a minute I would expect limited threat models this tool would help with. I think for broad attacks, this would only be somewhat effective if deployed on tens of millions of hosts so it becomes impractical because the adversary is just finding and interacting with the honeypots.

If you are specifically getting targeted, there might be a slight delay by having the adversary try and exploit the honeypot ports, but if you're running a vulnerable service you still get exploited.

Also if you're a vendor, when prospective customers security teams scan you, you'll have some very annoying security questionnaires to answer.

discuss

No comments yet.