Honeypots mailing list archives
RE: Honeypot/net IDS System
From: <ravivsn () roc co in>
Date: Tue, 24 Feb 2004 22:27:49 +0530 (IST)
After a quick thinking on use of honeypots, I have some few things to wonder.

- If the applications like SMTP are fully secured using the antispam, antivirus software before a security patched server, then what is the role of a honeypot in the network?
- Using honeypots will only increase the traffic onto the LAN under consideration, as it attracts hackers to come in.
- Honeypots can only trace out the hacker but can't identify a possible threat; unless the administrator goes through the logs it is difficult to identify.

A most helpful solution could be a honeypot working in hand with intrusion protection systems or NIDS. Currently, with the tool ADMMutate, NIDS are being cheated. A honeypot with NIDS can attract the hacker and we can know his real intentions using an enhanced honeypot. I believe this would be a good combination.

Cheers
-Ravi
ROCSYS Technologies Limited
INDIA
http://www.rocsys.com
I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a couple of them for several years and there is almost NO traffic even though I have a bunch of email addy's on web pages for spamscrapers to find.

Is it possible that everyone has finally got of the bumps and started securing their computer systems? And they are deploying the honeypots as a part of the "proactive security policy" ;)

Running a tarpit as the front end of our mail system catches bunches of spammers. Why wouldn't you do that instead? It is much more effective and eliminates the spam from our incoming MTA as well as killing the net traffic associated with the spam. Since spam outnumbers real messages by more than 10 to 1 (at least here), this is beneficial.

Running a tar pit can be achieved by using a combination of postfix + SpamAssassin + avirmail. It cuts the spam by 99% and is very effective for cutting down all the spam traffic. The postfix server can issue an error 550 in the middle of the DATA statement if needs be, if the incoming connection is determined to be spam. It also works on DNS resolutions, the To & From headers and other criteria. This is very easy to set up and maintain. I use it in my production network and it is net accessible without anything in the front. Works like a charm and is rock steady; of course the server running is hardened OpenBSD.

-aditya