Honeypots mailing list archives
IDS and honeypots
From: "rnoble" <rnoble () petech ac za>
Date: Wed, 30 Apr 2003 14:28:17 +0200
hi I'm investigating the idea of using the traffic captured by a honeypot (in theory all data should be suspicious) and filtering out legal traffic and traffic captured by existing misuse IDS signatures and using the remainder to automatically create new signatures in order to update IDS a IDS database does anyone know if this has been done before or any related work being done. also can anyone point me to any journal articles on honeypots etc. (already got all the honeynet whitepapers) lastly if anyone can think of blatent reasons why this should not or cannot work contact me: rnoble () petech ac za thanks
Current thread:
- IDS and honeypots rnoble (Apr 30)
- Re: IDS and honeypots Valdis . Kletnieks (Apr 30)
- Re: IDS and honeypots Niels Provos (Apr 30)
- Re: IDS and honeypots Christian Kreibich (May 01)
- Re: IDS and honeypots Eric Arnoth (Apr 30)
- Re: IDS and honeypots ramos (May 02)