Honeypots mailing list archives
RE: Dynamic honeypots question??
From: "Charles Strasburger" <charles.strasburger () cybershieldnetworks com>
Date: Mon, 29 Sep 2003 14:44:10 -0400
In a word..(or two)..."not possible". And this is ONE of the inherent problems with this HP/HN technology. Similar to sigs, patterns, strings, anomalies, etc...inherent problems... But that is going to change... Soon... C -----Original Message----- From: Kostas K [mailto:acezerocool () yahoo com] Sent: Sunday, September 28, 2003 9:06 AM To: honeypots () securityfocus com Subject: Dynamic honeypots question?? Hi list I' ve read the article on dynamic honeypots. It sounds very exciting and if it is as applicable as it's described then it seems that maybe we in front of a new era. But i would like to ask something: Since the honeypot will provide a plug-n-play solution by using passive OS fingerprinting analysis etc how can we be so sure that during this process the attacker won't interfere with it, realise that the machine he/she attacks is a honeypot. Furthemore how feasible would be to build this network while being offline? Regards Kostas --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.521 / Virus Database: 319 - Release Date: 9/23/2003
Current thread:
- Dynamic honeypots question?? Kostas K (Sep 28)
- Re: Dynamic honeypots question?? Valdis . Kletnieks (Sep 29)
- RE: Dynamic honeypots question?? Charles Strasburger (Sep 29)
- <Possible follow-ups>
- Re: Dynamic honeypots question?? Kostas K (Sep 30)