Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.
Which of the following techniques is employed by Dayn to detect honeypots?
Dayn used a time-based TCP fingerprinting method to differentiate between the response times of a normal computer and a honeypot to a SYN request. This technique is employed to detect the presence of Honeyd honeypots, as Honeyd emulates network stacks and can often be identified by their unique timing responses to network queries.
C. Detecting the presence of Honeyd honeypots
CEHv12 - 1760 / 1759
C. Detecting the presence of Honeyd honeypots