Automotive Holiday Deals Books Gift Guide Books Gift Guide Shop Men's Athletic Shoes Learn more nav_sap_SWP_6M_fly_beacon Train egg_2015 All-New Amazon Fire TV Beauty Gifts Gifts for Her Amazon Gift Card Offer cm15 cm15 cm15 $30 Off Amazon Echo $30 Off Fire HD 6 Kindle Cyber Monday Deals Holiday Music in CDs & Vinyl Outdoor Deals on HTL
Virtual Honeypots and over one million other books are available for Amazon Kindle. Learn more

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Virtual Honeypots: From Botnet Tracking to Intrusion Detection 1st Edition

13 customer reviews
ISBN-13: 078-5342336320
ISBN-10: 0321336321
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$39.18 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$42.36 On clicking this link, a new layer will be open
More Buying Choices
22 New from $5.95 24 Used from $3.46
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

Get Up to 80% Back Rent Textbooks
$42.36 FREE Shipping. Only 6 left in stock (more on the way). Ships from and sold by Gift-wrap available.

Frequently Bought Together

  • Virtual Honeypots: From Botnet Tracking to Intrusion Detection
  • +
  • Honeypots: Tracking Hackers
  • +
  • Know Your Enemy: Learning about Security Threats (2nd Edition)
Total price: $112.16
Buy the selected items together

Special Offers and Product Promotions

  • Take an Extra 30% Off Any Book: Use promo code HOLIDAY30 at checkout to get an extra 30% off any book for a limited time. Excludes Kindle eBooks and Audible Audiobooks. Restrictions apply. Learn more | Shop now

Editorial Reviews

From the Back Cover

Praise forVirtual Honeypots

"A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader’s eyes."

—Lenny Zeltser, Information Security Practice Leader at Gemini Systems

"This is one of the must-read security books of the year."

—Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior

"This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider’s look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology."

—Stefan Kelm, Secorvo Security Consulting

"Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need."

—Lance Spitzner, Founder, Honeynet Project

"Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you’ll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!"

—Doug Song, Chief Security Architect, Arbor Networks

"Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats.

Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on.

Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it’s a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots."

—Laurent Oudot, Computer Security Expert, CEA

"Provos and Holz have written the book that the bad guys don’t want you to read. This detailed and comprehensive look at honeypots provides step-by-step instructions on tripping up attackers and learning their tricks while lulling them into a false sense of security. Whether you are a practitioner, an educator, or a student, this book has a tremendous amount to offer. The underlying theory of honeypots is covered, but the majority of the text is a ‘how-to’ guide on setting up honeypots, configuring them, and getting the most out of these traps, while keeping actual systems safe. Not since the invention of the firewall has a tool as useful as this provided security specialists with an edge in the never-ending arms race to secure computer systems. Virtual Honeypots is a must-read and belongs on the bookshelf of anyone who is serious about security."

—Aviel D. Rubin, Ph.D., Computer Science Professor and Technical Director of the Information Security Institute at Johns Hopkins University, and President and Founder, Independent Security Evaluators

"An awesome coverage of modern honeypot technologies, both conceptual and practical."

—Anton Chuvakin

"Honeypots have grown from simple geek tools to key components in research and threat monitoring at major entreprises and security vendors. Thorsten and Niels comprehensive coverage of tools and techniques takes you behind the scene with real-world examples of deployment, data acquisition, and analysis."

—Nicolas Fischbach, Senior Manager, Network Engineering Security, COLT Telecom, and Founder of Sécurité.Org

Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment can be prohibitively complex, time-consuming, and expensive. Now, there’s a breakthrough solution. Virtual honeypots share many attributes of traditional honeypots, but you can run thousands of them on a single system-making them easier and cheaper to build, deploy, and maintain.

In this hands-on, highly accessible book, two leading honeypot pioneers systematically introduce virtual honeypot technology. One step at a time, you’ll learn exactly how to implement, configure, use, and maintain virtual honeypots in your own environment, even if you’ve never deployed a honeypot before.

You’ll learn through examples, including Honeyd, the acclaimed virtual honeypot created by coauthor Niels Provos. The authors also present multiple real-world applications for virtual honeypots, including network decoy, worm detection, spam prevention, and network simulation.

After reading this book, you will be able to

  • Compare high-interaction honeypots that provide real systems and services and the low-interaction honeypots that emulate them
  • Install and configure Honeyd to simulate multiple operating systems, services, and network environments
  • Use virtual honeypots to capture worms, bots, and other malware
  • Create high-performance "hybrid" honeypots that draw on technologies from both low- and high-interaction honeypots
  • Implement client honeypots that actively seek out dangerous Internet locations
  • Understand how attackers identify and circumvent honeypots
  • Analyze the botnets your honeypot identifies, and the malware it captures
  • Preview the future evolution of both virtual and physical honeypots

About the Author

Niels Provos received a Ph.D. from the University of Michigan in 2003, where he studied experimental and theoretical aspects of computer and network security. He is one of the OpenSSH creators and known for his security work on OpenBSD. He developed Honeyd, a popular open source honeypot platform; SpyBye, a client honeypot that helps web masters to detect malware on their web pages; and many other tools such as Systrace and Stegdetect. He is a member of the Honeynet Project and an active contributor to open source projects. Provos is currently employed as senior staff engineer at Google, Inc.

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, Germany. He is one of the founders of the German Honeynet Project and a member of the Steering Committee of the Honeynet Research Alliance. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. Currently, his work concentrates on bots/botnets, client honeypots, and malware in general. He regularly blogs at


Product Details

  • Paperback: 440 pages
  • Publisher: Addison-Wesley Professional; 1 edition (July 26, 2007)
  • Language: English
  • ISBN-10: 0321336321
  • ISBN-13: 978-0321336323
  • Product Dimensions: 6.9 x 1.1 x 9 inches
  • Shipping Weight: 1.7 pounds (View shipping rates and policies)
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (13 customer reviews)
  • Amazon Best Sellers Rank: #1,045,781 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

5 star
4 star
3 star
2 star
1 star
See all 13 customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

10 of 10 people found the following review helpful By samuel F. stover on September 2, 2007
Format: Paperback
Quick disclaimer: I know both authors. That said, I still have no problem pimping this book as "THE BEST PLACE TO START if you want to learn how to use honeypots." Best. Bar none. Par excellence - pick your cliche.

The fact is that these guys have pulled together an immense amount of experience into a book that will have you running your own honeypot in short order, and that's no small task. Setting up a honeypot/honeynet properly is *not* trivial. Tools like honeywall and argos are not for the faint of heart. But with VH, you'll have what you need to get started and most likely succeed.

Beyond the practical (i.e. step-by-step instructions on how to get things working), there is also plenty of theoretical. There truly is something for everyone in this book. Loads of info on low-interaction vs. high-interaction honeypots, plus legal and ethical points to consider for the budding honeypotter.

The proof is in the pudding for me - I now use argos to capture vulnerabilities in the wild, as well as sebek/honeywall/vmware to research worm propagation. I probably would have gotten there without this book, but certainly not as fast. Kudos to the authors - great book guys.

Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
8 of 8 people found the following review helpful By Stephen Northcutt on August 21, 2007
Format: Paperback
Simply put, this is the best security book I have read this year. A perfect blend of well researched information about honeypots as well as plenty of pragmatic how to do it. Well known respected authors that clearly know their stuff. A nice blend of network and system information to give the read the full picture. The reader will learn a lot of analysis and be exposed to a number of attack signatures. And the information is applicable. That was the huge eye opener for me! I thought honeypots were boutique at best, but the book shows clearly how to use them to augment your intrusion detection capability, to detect malware and to identify botnets. At the exact second the Storm botnet is raging, anti-malware products from Symantec, NAI, Trend Micro just are not getting the job done. A large organization with a low interaction honeypot like honeyd, collapsar or potemkin would be able to track what is happening in their network. In the same way, if you are running nepenthes or roleplayer you can identify (detect) the malware and understand how it is working.

Obviously the book cannot cover each tool in depth, Virtual Honeypots goes into detail for honeyd and nepenthes and serves as a manual to help you get started. This is thrilling reading to the very end, the final three chapters are case studies ( war stories ), tracking botnets and working with the CWSandbox. I absolutely recommend this book and expect that I will keep it near my workstation for the next few months. I read it the first time on airplanes, I live in Hawaii so each trip to the east coast is ten hours airplane time and it took about 20 hours for me to work through the book. I plan to read it at least one more time, but with a computer nearby to try to apply some of this. Hats off to the authors, Provos and Holz for sharing their knowledge with the community.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
6 of 6 people found the following review helpful By Chris Gates on November 10, 2007
Format: Paperback
Books that put institutional knowledge, or knowledge that people in the industry know but its not written down anywhere, are few and far between. This book succeeds in taking that institutional knowledge and putting it into a readable, functional, and well-organized format.

Before I get into the chapter play by play stuff, let me just say that Chapter 8, Client Honeypots, is worth the price of the book. Client-side attacks are were everything is moving to and the days of a remote OS 0day or quickly fading away. One of the hardest things to automate and teach is client-side attacks because it used to involve user interaction (someone actually clicking on the email, link, .exe), but with the client honeypots they discuss in the book you can automate clicking on emails, clicking on links, spidering websites, and running the executables you download from the sites. You can also monitor your honeypot for changes after running the executable, good stuff!

Most of the other reviewers said you can skip the introductory material, and you could, but its better than the usual "beginning of the book/background" material. The book starts with honeypot/honeynet introduction. Chapter 2 covers high interaction honeypots to include a good chunk of information on VMware and your other "virtual" options including User Mode Linux and Argos. Chapter 3 covers Low interaction honeypots like LaBrea, GHH, and PHP.HoP for your web based low interaction honeypots. Chapters 4 & 5 are a healthy dose of honeyd. Chapter 6 is collecting malware with Nepenthes and Honeytrap. Chapter 7 covers Hybrid systems. Chapter 8 is, as discussed, Client Honeypots. Chapter 9 is on detecting low and high interaction honeypots.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
4 of 4 people found the following review helpful By Timo on August 27, 2007
Format: Paperback
This book provides the most complete overview of Honeypots. It includes very detailed instructions on how to set up and use tools, and gives many examples for analysis and deployments. I have personally heard about Honeypots a lot, but never set one up myself. This book provided an excellent tutorial to show me how to do it. For both experts and novices, this book is filled with useful information. A must-read for anyone interested in Honeypots & malware simulations in general.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Recent Customer Reviews

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
This item: Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Price: $42.36
Ships from and sold by

Want to discover more products? Check out these pages to see more: computer security, computer network