Focus on IDS
Honeypots, what is their limits for intrusion detection? Jul 01 2009 08:18AM
Tomas Olsson (tol sics se) (2 replies)
Re: Honeypots, what is their limits for intrusion detection? Jul 02 2009 04:45AM
r00t (r00t ellicit org)
Re: Honeypots, what is their limits for intrusion detection? Jul 01 2009 11:49PM
Albert Gonzalez (albertg cerveau us)
Tomas,

From a misuse detection pov it will obviously alert you on potential
attacks to a honeypot. But any and all traffic destined to a honeynet
(pot) should be deemed suspicious or malicious as there is no
legitimate reason for communication between these hosts and others.
This could also serve as an early warning system since all traffic is
suspicious at the very least.

Honeypots (honeynets) are also not production systems, so their downtime
for analysis is not a problem, and this is where the true value comes in.
An IDS can't tell you if it was successful or not, just that it saw something;
with full-blown access such determination can be made, on top of method,
tools and what they did once they got in, etc...

A great use-case: there was a worm released with no A/V or IDS coverage
that was discovered through the traffic generated towards the honeynet.

Hope that helps,

----
Sent from my iPhone

On Jul 1, 2009, at 4:18 AM, Tomas Olsson <tol (at) sics (dot) se [email concealed]> wrote:

> Hi,
> I have a newbie question related to intrusion detection. It was
> suggested to me that honeypots only catch automated attacks, is
> that true? How can we know which attacks are not caught? Are there
> any papers on what sort of attacks are caught by using honeypots?
>
> Regards
> Tomas

Copyright 2010, SecurityFocus