Honeypots mailing list archives
Re: Honeynet Requirements
From: Julian Grizzard <grizzard () ece gatech edu>
Date: Sun, 16 May 2004 10:39:22 -0400
If you are looking to use a honeynet to help secure your company, then we can suggest that you make your honeypots accessible from your production company machines. Then you can extend the honeypot theology and say that any production machine that is scanning your honeynet is automatically suspicious and can be marked for investigation (i.e. the scanning machine was infected by worm/virus/attacker and is scanning your other production/honeypot machines). You can pick up scanning activity even if your honeypots look nothing like your production machines.
-Julian

On May 15, 2004, at 7:14 PM, Chuck Fullerton wrote:

I am in the planning stages of a Honeynet project for my company. I have a question that, so far, I haven't been able to find an answer. Using the diagram from the Honeynet Paper from www.honeynet.org, when you add honeypots to your honeynet, how closely must they mirror the production machines? Any advice is appreciated.

Chuck Fullerton
OPST,CISSP,CSS1,CCNP,CCDA,CNA,A+
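
The check described in the reply above, as an added example that is not part of the original post: it reads connection log lines and flags production hosts that contact honeynet addresses. The address ranges, the simplified log format, the sample lines and the `scan_threshold` value are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed address plan (hypothetical, not from the original post).
HONEYNET = ipaddress.ip_network("10.9.0.0/24")
PRODUCTION = ipaddress.ip_network("10.1.0.0/16")

# Constructed sample lines in a simplified firewall-log format.
SAMPLE_LOG = """\
2004-05-16T10:01:02 SRC=10.1.4.23 DST=10.9.0.5 DPT=445 PROTO=TCP
2004-05-16T10:01:02 SRC=10.1.4.23 DST=10.9.0.6 DPT=445 PROTO=TCP
2004-05-16T10:01:03 SRC=10.1.4.23 DST=10.9.0.7 DPT=445 PROTO=TCP
2004-05-16T10:02:10 SRC=10.1.7.80 DST=10.1.2.10 DPT=80 PROTO=TCP
2004-05-16T10:03:44 SRC=10.1.9.12 DST=10.9.0.5 DPT=22 PROTO=TCP
2004-05-16T10:04:00 SRC=198.51.100.7 DST=10.9.0.5 DPT=135 PROTO=TCP
malformed line without fields
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+)")

def honeynet_contacts(log_text):
    """Map each production source IP to the honeypot (ip, port) pairs it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not parse
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # skip lines with invalid addresses
        # Only internal production sources are of interest here.
        if src in PRODUCTION and dst in HONEYNET:
            hits[str(src)].add((str(dst), int(m.group(3))))
    return dict(hits)

def triage(hits, scan_threshold=3):
    """Label hosts: several distinct honeypot targets looks like scanning."""
    return {src: ("scanning" if len(targets) >= scan_threshold else "investigate")
            for src, targets in hits.items()}

if __name__ == "__main__":
    for src, label in sorted(triage(honeynet_contacts(SAMPLE_LOG)).items()):
        print(src, label)
```

The honeypots never need to resemble production machines for this to work, since the signal is only that a production address contacted them at all.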