Honeypots mailing list archives
Detection of attacks with the help of honeypots
From: Andreas Hess <hess () ee tu-berlin de>
Date: Wed, 06 Nov 2002 09:33:13 +0100
Hi,

I am relatively new to the concept of honeypots, thus I've got a general question. As far as I've understood the concept, honeypots could amongst other things be used for the detection of attacks. An attack could be identified by:

1.) communication between a remote host and the honeypot - as this is always suspicious, as an honest person would never contact a honeypot
2.) analysing log-files of the honeypot
3.) certain reactions of a honeypot.

Are there honeypots which are capable of differentiating between regular and irregular requests? What happens if somebody floods a honeypot with a huge amount of regular requests? This is a kind of attack versus the honeypot but would not affect a real system. Is the current approach a mixture of the three given possibilities or how does it work?

Thank you very much for helping!

Regards
Andreas