Honeypots mailing list archives
RE: Honeypots: Uses and Features
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Tue, 3 Jun 2003 11:23:15 -0400
IMHO I don't believe logging connections to closed ports is that important, though it has its usage. I personally would log after a certain threshold is exceeded; this could catch people knocking hard on certain ports. This would help various trending sites like incidents.org and/or dshield.org. Other people might have different views, as some like knowing everything that is knocking on the door.

Hope that helps!

Cheers,
Alberto Gonzalez

-----Original Message-----
From: Larissa Fricker [mailto:lft () netsec ch]
Sent: Tuesday, June 03, 2003 11:02 AM
To: honeypots () securityfocus com
Subject: Re: Honeypots: Uses and Features

How important is logging every connection attempt on every (closed) port for a production honeypot? Because it multiplies the number of 'irrelevant' security incidents and as a result also considerably increases the number of alerts, I feel that it might cause more bad than good in a production honeypot, where a low rate of false alerts is paramount. I realize that the situation is completely different for research setups.

What do you think?

Lara

--------------------------------------------------------------------
N E T S E C - Network Security Software
Web: www.netsec.ch - Mail: info () netsec ch
Munzingerstr. 17A - 3007 Bern - Switzerland
Phone: +41 313760534 - Fax: +41 313760533
--------------------------------------------------------------------
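
The threshold approach suggested in the reply above, as an added example that is not part of the original message or written by either poster: closed-port connection attempts are counted per source and port in a sliding window, and an alert is raised once per burst only when the count exceeds a limit. The threshold of 5, the 60-second window, the event tuple layout and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the thread names no specific numbers.
THRESHOLD = 5        # attempts from one source to one closed port ...
WINDOW_SECONDS = 60  # ... within this many seconds


def threshold_alerts(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per (source, port) burst that exceeds the threshold.

    events: iterable of (timestamp_seconds, source_ip, dest_port), sorted by time.
    Attempts that stay at or below the threshold are counted but never reported.
    """
    recent = defaultdict(deque)  # (src, port) -> timestamps inside the window
    alerting = set()             # keys already reported for the current burst
    alerts = []
    for ts, src, port in events:
        key = (src, port)
        q = recent[key]
        q.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            if key not in alerting:  # report the burst once, not every packet
                alerting.add(key)
                alerts.append({"time": ts, "src": src, "port": port, "count": len(q)})
        else:
            # Burst has subsided; a later burst may alert again.
            alerting.discard(key)
    return alerts


# Constructed sample: two bursts against port 445 and two isolated probes.
SAMPLE_EVENTS = sorted(
    [(t, "192.0.2.10", 445) for t in range(0, 16, 2)]          # 8 attempts in 14 s
    + [(5, "198.51.100.7", 23), (300, "198.51.100.7", 80)]     # single knocks
    + [(400 + t, "192.0.2.10", 445) for t in range(7)]         # second burst
)

if __name__ == "__main__":
    for alert in threshold_alerts(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, 17 connection attempts produce two alerts, and the isolated single-port probes produce none.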