NETSEC announced version 6.0 of its SPECTER IDS honeypot software for Windows XP, Windows 2000, and Windows NT. The new version simulates 13 different OSs, includes new services and traps, and provides improved tools for incident analysis. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
"In times of automated-hacker tools and scripts constantly scanning the Internet for vulnerable systems, it is very important to separate serious threads from harmless ones by amateur hackers," said Lara Fricker, head of NETSEC's penetration testing lab.
SPECTER acts as a decoy to lure intruders away from network systems. The software simulates numerous typical services including SMTP mail, FTP, POP3, IMAP4, HTTP, Secure Shell (SSH), DNS, Sun remote prcedure call (SUN-RPC), NetBus, Subseven Trojan, BackOrifice2K, Telnet, and finger. SPECTER immediately alerts administrators of hostile activity, offers detailed activity logs and a log analyzer, and provides information about the sophistication level of any attack.
Users can use a GUI to configure the honeypot remotely and can configure the honeypot to simulate five different system states. The open-mode behaves like a system with poorly configured security, the secure mode behaves like a well-secured system, failing mode behaves like a system experiencing various hardware and software problems, strange mode behaves in an unpredictable manner to confuse an intruder, and aggressive mode causes the honeypot to communicate as long as necessary to collect information about an attacker and then reveals its true identity as a SPECTER honeypot to help ward off intruders.Users of versions 4.x and 5.x can upgrade to version 6.0 for free. Base pricing for SPECTER is $500. Visit the company's Web site for more information.