IDS mailing list archives
Re: Protocol Anomaly Detection IDS - Honeypots
From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Thu, 20 Feb 2003 12:38:29 -0700
On Thu, Feb 20, 2003 at 12:58:58PM -0600, Lance Spitzner wrote:
I'm in no way suggesting that honeypots replace any existing detection technologies, I'm suggesting that they can contribute. Personally, I feel the concept of deception has overshadowed the value of honeypots, when one of their true values lies in detection.
Lance,

I would agree 100% for old times' sake. 99% otherwise ;-) I have been pondering this for a while. The idea I have had is to marry the two. For testing purposes I like the idea of an as-per-normal running snort. Then, using a CD or whatever you're comfortable with on the same grid, run your honeypot. Then combine the assessment. There is the real risk incurred by having the honeypot living on the same device, but this way you see sort of both perspectives. Doing the analysis would be interesting. AFAIK this is nothing new; you would know better than me. This most likely should be separate, with an analysis engine somewhere else. It is a valid idea IMO.

Best Regards,
dreamwvr () dreamwvr com

--
/* Security is a work in progress - dreamwvr */
#
# Note: To begin Journey type man afterboot,man help,man hier[.]
#
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]