Focus on IDS
Honeypots, what is their limits for intrusion detection? Jul 01 2009 08:18AM
Tomas Olsson (tol sics se) (2 replies)
Re: Honeypots, what is their limits for intrusion detection? Jul 02 2009 04:45AM
r00t (r00t ellicit org)
Hi Tomas,

That is not true. There are many types of honeypots and honeynets.
What that person may have been talking about are low interaction
honeypots as opposed to high interaction honeypots. High interaction
honeypots allow an attacker into the machine (since they are
purposely insecure) and there are many tools like sebek and
snort-inline to help you figure out exactly what went on in your
honeypot. For example sebek, which is a kernel mode rootkit, can
capture all the commands the attacker entered even if he communicates
over SSH. You will be able to capture all of his tools, exploits and
whatever else he brought over. You should look into the honeynet
project and the honeywall CD called Walleye if you are interested in
learning more (http://old.honeynet.org/papers/virtual/). Papers are
located here: http://www.honeynet.org/papers and the honeynet mailing
list is available here:
http://www.securityfocus.com/archive/119/description

There is also a wealth of information here
http://www.honeypots.net/honeypots/links

If you have any questions please feel free to ask, but you'll more
likely be able to find more information on the honeynet mailing list or
by asking me :)

I'll also be writing about the honeynet project soon at my blog:
http://nodereality.com

I hope that helps

On Tue, Jun 30, 2009 at 10:18 PM, Tomas Olsson <tol (at) sics (dot) se> wrote:
> Hi,
> I have a newbie question related to intrusion detection. It was suggested to
> me that Honeypots only catch automated attacks, is that true? How can we
> know which attacks are not caught? Are there any papers on what sort of
> attacks are caught by using honeypots?
>
> Regards
> Tomas

Re: Honeypots, what is their limits for intrusion detection? Jul 01 2009 11:49PM
Albert Gonzalez (albertg cerveau us)


 

Copyright 2010, SecurityFocus