Snort mailing list archives
Re: VERY simple 'virtual' honeypot
From: Kerberus <kerberus () microbsd net>
Date: 08 Mar 2002 11:35:13 -0500
I would have to state that i believe the closest thing ive seen to help building a real honeypot is either a base redhat 6.2 install with everything running! : ) or the deception toolkit, combining both and some coding would probably make for great forensic analysis On Fri, 2002-03-08 at 07:26, Gideon Lenkey wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 7 Mar 2002, Lance Spitzner wrote: /* Of course this does not give you the Data Capture capabilites /* of a honeypot, as there is no system for the attacker to /* interact with. However, this could be used to help detect /* scanning or probing activity. /* /* Thoughts? NIDS systems give us plenty of scan and probe data from real production environments. What could we learn by getting this data from another source? (Thats a real question, not a statement!) - --Gideon * Gideon J. Lenkey * PGP Key ID 0x92556BEC * pgp.mit.edu * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8iK37H1ef35JVa+wRAuomAKCq5K7r5lJrZNZPIeqGU6vDR+tfgACdHKSx 0EcTcxa7I0MXqpqKF6vSk9U= =/PYT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: honeypots-unsubscribe () securityfocus com For additional commands, e-mail: honeypots-help () securityfocus com --------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities. Please, see: https://alerts.securityfocus.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: VERY simple 'virtual' honeypot, (continued)
- Re: VERY simple 'virtual' honeypot Kurt Seifried (Mar 07)
- Re: VERY simple 'virtual' honeypot David Watson (Mar 08)
- Re: VERY simple 'virtual' honeypot nfudd (Mar 08)
- Re: VERY simple 'virtual' honeypot Brian Caswell (Mar 07)
- RE: Re: VERY simple 'virtual' honeypot Chris Grout (Mar 07)
- Re: VERY simple 'virtual' honeypot Ian O'Brien (Mar 07)
- Re: VERY simple 'virtual' honeypot Glenn Forbes Fleming Larratt (Mar 07)
- Re: VERY simple 'virtual' honeypot Jim Forster (Mar 07)
- Re: VERY simple 'virtual' honeypot John Kinsella (Mar 07)
- Re: VERY simple 'virtual' honeypot Gideon Lenkey (Mar 08)
- Re: VERY simple 'virtual' honeypot Kerberus (Mar 08)
- RE: VERY simple 'virtual' honeypot Rick Francis (Mar 08)
- Re: VERY simple 'virtual' honeypot Edward Balas (Mar 08)
- Re: VERY simple 'virtual' honeypot Frank Knobbe (Mar 08)
- Re: VERY simple 'virtual' honeypot Frank Knobbe (Mar 08)
- Re: VERY simple 'virtual' honeypot James Hoagland (Mar 08)
- Re: VERY simple 'virtual' honeypot George Bakos (Mar 08)
- Re: VERY simple 'virtual' honeypot Martin Roesch (Mar 08)
- Re: VERY simple 'virtual' honeypot Jason Robertson (Mar 09)
- RE: VERY simple 'virtual' honeypot Ofir Arkin (Mar 09)
- Re: VERY simple 'virtual' honeypot Fyodor (Mar 09)
(Thread continues...)