IDS mailing list archives
Re: RES: Protocol Anomaly Detection IDS - Honeypots
From: Lance Spitzner <lance () honeynet org>
Date: Sun, 23 Feb 2003 13:24:20 -0600 (CST)
On 22 Feb 2003, Frank Knobbe wrote:
'bleed' this method into others. The primary goal of a honeypot is to look vulnerable and to lure hackers to exploiting it.
This thread most likely should be moved to the honeypots list, as such this will be my last follow up. However, I just wanted to state that I would have to disagree the above statement. A honeypot is a highly flexible tool with a variety of different applications to security (prevention, detection, research, etc). Its primary goal is whatever you are attempting to achieve. For example, LaBrea is an excellent example of a honeypot that can slow down or prevent automated attacks. Honeyd is an example of how a honeypot can used for detection. Both work my not luring, but by monitoring unused IP space. The new bait-n-switch honeypot works not by luring, but by detecting attacks, then redirecting them against a honeypot, excellent for information gathering or research. Honeypots are extremely flexible and can be used for many different primary goals, one of which I feel is detection. To be honest, I think the security community has only begun to tap into the full potential of honeypot technologies. lance ----------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- RE: Protocol Anomaly Detection IDS - Honeypots, (continued)
- RE: Protocol Anomaly Detection IDS - Honeypots Rob Shein (Feb 21)
- RES: Protocol Anomaly Detection IDS - Honeypots Augusto Paes de Barros (Feb 21)
- RE: Protocol Anomaly Detection IDS - Honeypots Rob Shein (Feb 21)
- RE: Protocol Anomaly Detection IDS - Honeypots pbsarnac (Feb 21)
- RES: Protocol Anomaly Detection IDS - Honeypots Augusto Paes de Barros (Feb 21)
- Re: RES: Protocol Anomaly Detection IDS - Honeypots Frank Knobbe (Feb 25)
- Re: RES: Protocol Anomaly Detection IDS - Honeypots Lance Spitzner (Feb 25)