
3.2. Deception Toolkit

The Deception Toolkit (DTK), created by Fred Cohen in 1998, is one of the oldest low-interaction honeypots and is mentioned here only for historical reasons. It does not create virtual honeypots per se, but it binds to unused ports of your machines and shows deceptive services to anyone who probes these ports. Nevertheless, it is a low-interaction honeypot by our definition. All services provided by DTK are emulations that try to deceive the adversary.
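The following Python example shows the behaviour described above: a listener binds to an otherwise unused port, presents an emulated service to whoever connects, and records the probe. It is an added example, not DTK's code; the banner text, the `EmulatedService`, `probe` and `demo` names, and the loopback client standing in for a scanner are all assumptions constructed for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed banner for illustration; not taken from DTK.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"

class EmulatedService:
    """Listen on one otherwise unused TCP port and record every probe."""

    def __init__(self, host="127.0.0.1", port=0, banner=FAKE_BANNER):
        self.banner = banner
        self.events = []
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))  # port 0: the OS picks a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept one connection, send the banner, log peer and first bytes."""
        conn, peer = self._sock.accept()
        with conn:
            conn.settimeout(timeout)
            conn.sendall(self.banner)
            try:
                data = conn.recv(256)  # bounded read, logged but never interpreted
            except socket.timeout:
                data = b""
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "peer": peer[0], "port": self.port, "data": data}
        self.events.append(event)
        return event

    def close(self):
        self._sock.close()

def probe(port, payload=b"EHLO scanner\r\n"):
    """Constructed loopback client standing in for a scanner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner

def demo():
    svc = EmulatedService()
    worker = threading.Thread(target=svc.handle_one)
    worker.start()
    banner = probe(svc.port)
    worker.join()
    svc.close()
    return banner, svc.events

if __name__ == "__main__":
    print(demo())
```

Because no real service lives on the port, every recorded event is a probe worth reviewing.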

A curious aspect of the DTK is the deception service. When you connect to it, it tells you that the Deception Toolkit is running on the machine. Telling any adversary on the Internet that an IP address is running the Deception Toolkit might not be a very good idea. However, this information could also cause the adversary to stop attacking this machine. You can download DTK from

http://all.net/dtk/download.html

We are not going to provide a detailed overview of how to install DTK, but we want to mention it because it was the first of its kind and is interesting to know about from a historical point of view.
