Certified Ethical Hacker (CEH v11) — Question 395

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.
Which of the following techniques is employed by Dayn to detect honeypots?

Answer options

• A. Detecting honeypots running on VMware
• B. Detecting the presence of Snort_inline honeypots
• C. Detecting the presence of Honeyd honeypots
• D. Detecting the presence of Sebek-based honeypots

Correct answer: C

Explanation

The correct answer is C, as Honeyd is a popular honeypot software that can be detected through time-based TCP fingerprinting. The other options refer to specific types of honeypots or detection methods that are not primarily identified using this technique.