Honeypots mailing list archives
Re: profiling honeypots..
From: "Bernie, CTA" <cta () hcsin net>
Date: Mon, 7 Apr 2003 09:58:27 -0400
On 7 Apr 2003, at 1:06, nigel () 26354 net wrote:
I've heard that attackers have been building their own list of sites and addresses that use Honeynet servers. Has anyone heard anything in relation to this? --
bhh>>> I would presuppose, given the number of expedients and automated heuristic tools currently available, which an attacker may use for target discovery and identification that a list of honeypots/honeynets exists. Moreover, just as one may use penetration test to help fingerprint and model Attack Taxonomies for live systems, wouldn't an attacker develop Defense Taxonomies for honeypots? As I see it, the two main problems with most honeypot implementations are that they exhibit predictable or identifiable probe/attack response characteristics, and their locations are typically indiscreetly disclosed. My suggestion is that we think about ways to interject controlled chaos (noise) into the design of a honeypots response to probes and attacks, in order to simulate the unpredictable behavior of active systems. - - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *******************************************************
Current thread:
- profiling honeypots.. nigel (Apr 06)
- Re: profiling honeypots.. Ali Saifullah Khan (Apr 07)
- Re: profiling honeypots.. Dominik Lupinski (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- RE: profiling honeypots.. Bernie, CTA (Apr 07)
- <Possible follow-ups>
- Re: profiling honeypots.. Garrett Sinfield (Apr 07)
- Re: profiling honeypots.. paul (Apr 07)
- RE: profiling honeypots.. mb_lima (Apr 07)