Which of the following is a term used to describe a network of tools that are used to gather information about attack methods that are used by malicious users? (Select the best answer.)
- black hole
A honeynet is a network of honeypots. A honeypot is a tool used to gather information about the attack methods used by malicious users. Honeypots, which can be composed of hardware or virtual assets, contain seemingly valuable information designed to attract malicious activities. By attracting malicious users to honeypots, administrators can analyze the methods and tools used in an attack and then use that information to protect legitimate resources.
A botnet is a network of compromised computers, known as zombies, which can be used to send spam as well as perform Distributed Denial of Service (DDoS) attacks and Denial of Service (DoS) attacks. In addition, zombies can collect personally identifiable information (PII), such as account login information and bank account information. Zombies are controlled remotely by malicious users without the knowledge of the computer’s owner. A host can become a zombie by executing a virus or by using an operating system (OS) that does not contain the latest updates.
A black hole is a trafficfiltering destination used to mitigate networkbased attacks originating from a known host address or range of addresses. With blackhole traffic filtering, all traffic from an address or range of addresses is considered malicious and is routed to a black hole, typically the null interface of a router. Packets routed to the null interface are discarded without further processing by the router.
Similarly, a sinkhole is a trafficfiltering destination used to mitigate networkbased attacks. With sinkhole traffic filtering, all traffic from an address or range of addresses is considered suspicious and is routed to a sinkhole, which is a device that can capture the traffic and analyze it before determining whether the traffic should be discarded.