Certified Ethical Hacker (CEH v13) — Question 228

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Answer options

• A. Detecting honeypots running on VMware
• B. Detecting the presence of Snort_inline honeypots
• C. Detecting the presence of Honeyd honeypots
• D. Detecting the presence of Sebek-based honeypots

Correct answer: C

Explanation

The correct answer is C because Honeyd is a specific type of honeypot that can be detected using time-based TCP fingerprinting methods. The other options refer to different types of honeypots or technologies that may not be uniquely identifiable through the same technique used by Dayn.