Honeypots mailing list archives
RE: profiling honeypots..
From: "Toby Miller" <toby_miller () adelphia net>
Date: Mon, 7 Apr 2003 16:44:02 -0400
Because there is no way we could get a profile right 100% of the time, hell I don't believe we could get a profile right 95% of the time (especially against elite attackers). I came up with a very immature model and am still working on it, the problem is many people want a model that is correct 100% of the time. There are many variables in our field, covering every single variable is difficult. This makes modeling difficult as well. All that being said, we still could continue developing a model, we would have to realize that it would have flaws.

Just my .02 worth

Toby

Toby, I am interested in learning what would classify profiling as an art and not a science?
I have given some lectures on my model and the one thing people fail to realize is that no model will be accurate 100% of the time. The FBI will tell you their profiling system is not accurate 100% of the time. What we need to do is come up with a model that is accurate most of the time and can be used as another tool in the honeypot/IDS world.
It is important to develop a model. One thing that prohibits development is some of the networks and the way they are designed. If client X is attacked, depending on the severity of the outage you won't have the chance to perform any type of analysis. Not everyone uses TCP dump recorders.