2.1 Honeypots and Honeynets Flashcards
1
Q
How can a DNS sinkhole be used to detect infected computers on your network?
A
If certain devices on the network have been communicating with a C2 (command and control) server, a DNS sinkhole can be used to redirect all the infected devices to a safe sinkhole, thereby identifying which computers have been infected.
2
Q
What kind of attractive files will you find in a honeynet and what do they do?
A
Honeyfiles; they are bait that sends an alert if the file has been accessed by an attacker.
3
Q
Can an attacker use a DNS sinkhole in a DoS attack?
A
Yes
4
Q
What device can detect hosts attempting to access a malicious site and redirect them to a safe DNS sinkhole?
A
NGFW or IPS