Re: Honeypot Server

["Gleb Paharenko" <gpaharenko () gmail com>]

Hi.

> If I am an attacker - is there anyway to fingerprint it and know that it's
> not a server and it's a just a honeypot ...

Yes, there are methods to do this.

> My problem is that depending on the already known versions of the honeypots
> and honeynets software - the attackers will always be able to identify them
> and thus avoid doing any activities on them ...

It makes an attack several times difficult and sophisticated. The task
of security is not to make an attack impossible (because it is
impossible), but to make it harder as much as possible.


2008/1/18, m.farid.shawara () gmail com <m.farid.shawara () gmail com>:
> Thanks for all of you ...
>
> When I said Alerting I meant that I should be able to sense the attack when
> it happens.
>
> Another question :
> If I am an attacker - is there anyway to fingerprint it and know that it's
> not a server and it's a just a honeypot ...
>
> My problem is that depending on the already known versions of the honeypots
> and honeynets software - the attackers will always be able to identify them
> and thus avoid doing any activities on them ...
>
> Thanks ,,,
> -----Original Message-----
> From: pinowudi [mailto:pinowudi () gmail com]
> Sent: Friday, January 18, 2008 4:44 AM
> To: m.farid.shawara () gmail com
> Subject: Re: Honeypot Server
>
> honeypots are not for alerting.  they are for researching the unknown.
> Look to snort or a nids for your requirements.
>
> m.farid.shawara () gmail com wrote:
> > Dear All :
> >
> > Can you advise what is the best honeypot server available
> > Open-source or commercial - it doesn't matter as long as it will be easy
> to
> > administrate and easy to monitor and alerted ...
> >
> > Mohamed Farid ...


-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com