Reconnaissance on a network has been an attacker's game for far too long, where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy?
In this talk, we will explore how to prevent network reconnaissance by using honeyd to flood your network with low fidelity honeypots. We then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) We will also discuss some important additions to honeyd that we had to make along the way, and perform a live demonstration of our free software tool for doing all of the above: Nova.