Certified Ethical Hacker (CEH v12) — Question 295

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Answer options

• A. Detecting honeypots running on VMware
• B. Detecting the presence of Snort_inline honeypots
• C. Detecting the presence of Honeyd honeypots
• D. Detecting the presence of Sebek-based honeypots

Correct answer: C

Explanation

The correct answer is C, as Honeyd is a widely used honeypot framework that can be detected using time-based TCP fingerprinting methods. Options A, B, and D refer to specific honeypot implementations that may not be the target of this particular detection technique.