IDS mailing list archives
Re: Honeypots, what is their limits for intrusion detection?
From: r00t <r00t () ellicit org>
Date: Wed, 1 Jul 2009 18:45:33 -1000
Hi Tomas, That is not true. There are many types of honeypots and honeynets. What that person may have been talking about are low interaction honeypots as opposed to high interaction honeypots. High interaction honeypots allow and attacker into the machine (since they are purposely insecure) and there are many tools like sebek and snort-inline to help you figure out exactly what went on in your honeypot. For example sebek, which is a kernel mode rootkit, can capture all the commands the attacker entered even if he communicates over SSH. You will be able to capture all of his tools, exploits and whatever else be brought over. You should look into the honeynet project and the honeywall CD called Walleye if you are interested in learning more (http://old.honeynet.org/papers/virtual/). Papers are located here: http://www.honeynet.org/papers and the honeynet mailing list is available here: http://www.securityfocus.com/archive/119/description There is also a wealth of information here http://www.honeypots.net/honeypots/links If you have any questions please feel free to ask, but you'll more likely be able find more information on the honeynet mailing list or by asking me :) I'll also be writing about the honeynet project soon at my blog: http://nodereality.com I hope that helps On Tue, Jun 30, 2009 at 10:18 PM, Tomas Olsson<tol () sics se> wrote:
Hi, I have a newbie question related to intrusion detection. It was suggested to me that Honeypots only catches automated attacks, is that true? How can we know which attacks are not caught? Is there any papers on what sort of attacks are caught by using honeypots? Regards Tomas ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- Honeypots, what is their limits for intrusion detection? Tomas Olsson (Jul 01)
- Re: Honeypots, what is their limits for intrusion detection? Albert Gonzalez (Jul 02)
- Re: Honeypots, what is their limits for intrusion detection? r00t (Jul 02)
- <Possible follow-ups>
- Re: Honeypots, what is their limits for intrusion detection? krymson (Jul 08)