Method for capturing network worm based on honeypot technology

A method for capturing a network worm based on honeypot technology relates to a method for capturing a network virus. The method comprises the following steps of: a, extracting the worm feature: starting the service program with a vulnerability, and viewing the vulnerability service port; using netcat to listen to the port, creating an open socket and capturing all the activities sent to the socket for listening; capturing the worm; writing Snort intrusion rules according to the virus characteristics fragment; performing intrusion detection, creating port listeners, then running the Snort in intrusion detection mode; observing capture situation of the snort and viewing the snort alarm log; using the honeypot to interact with the network worm: requesting to download the worm virion by the honeypot; and creating a 4567/tcp listener by the honeypot host. The invention self-makes a honeypot to capture the network worm virus, and solves the great harm that the computer worm virus brings tothe network world. 种基于蜜罐技