Honeypots mailing list archives

Re: An Idea for Discussion for HoneyView


From: Valdis.Kletnieks () vt edu
Date: Thu, 01 May 2003 15:03:44 -0400

On Thu, 01 May 2003 10:15:54 EDT, Pascal Charest said:

> The other problem would be the bandwidth asked by this operation, we are
> speaking of slowing down the speed of the login to crawl. I would also

Nobody said it had to *wait* for the traceroute to complete before letting
the person in - if a 'traceroute' congests the pipe noticeably, there are
bigger network management issues (although this *does* require rate-limiting
of some sort, so you don't launch a traceroute back for every poke by a
Slapper-style worm).

> wonder if there would be useful result, since a hacker might decide to
> use anonymous proxy, vpn, modified ircbot, hacked computer... all of which
> would compromise your data accuracy.

Hmm.. anonymous proxies, bots, hacked computers.. those are things you'd WANT
to be including, since what you're generating is "a list of places you DON'T
want to be hearing from"....  So if the hacker in Venezuela hits you via 3
different open proxies, you want to null-route those /24s...
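
An added example, not part of the original message: one way to rate-limit the traceroute launches and collect the /24s discussed above, without making the login wait. The class name, the cooldown and per-minute limits, and the sample addresses (documentation ranges) are assumptions; IPv4 only.

```python
import ipaddress
import time
from collections import Counter, deque


class TracerouteScheduler:
    """Decides whether a probe should trigger a background traceroute.

    Hypothetical helper: the login path calls observe() and never waits;
    when it returns True the caller starts traceroute asynchronously.
    """

    def __init__(self, per_net_cooldown=3600.0, max_per_minute=6,
                 clock=time.monotonic):
        self.per_net_cooldown = per_net_cooldown  # assumed: one trace per /24 per hour
        self.max_per_minute = max_per_minute      # assumed global launch cap
        self.clock = clock
        self.last_traced = {}    # /24 -> time of last launch
        self.recent = deque()    # launch times inside the last 60 s
        self.hits = Counter()    # /24 -> number of probes seen

    def observe(self, src, now=None):
        """Record a probe from IPv4 address src; return True to launch a trace."""
        now = self.clock() if now is None else now
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        self.hits[net] += 1
        while self.recent and now - self.recent[0] >= 60:
            self.recent.popleft()
        last = self.last_traced.get(net)
        if last is not None and now - last < self.per_net_cooldown:
            return False   # worm re-poking from a /24 already traced
        if len(self.recent) >= self.max_per_minute:
            return False   # global cap keeps the pipe clear
        self.last_traced[net] = now
        self.recent.append(now)
        return True

    def null_route_candidates(self, min_hits=1):
        """Return the /24s seen at least min_hits times, sorted."""
        nets = sorted(n for n, c in self.hits.items() if c >= min_hits)
        return [str(n) for n in nets]


if __name__ == "__main__":
    # Constructed probes: a worm-style burst plus two other sources.
    sched = TracerouteScheduler(max_per_minute=2)
    burst = [("192.0.2.10", t / 10) for t in range(50)]
    for src, t in burst + [("198.51.100.5", 6.0), ("203.0.113.9", 7.0)]:
        if sched.observe(src, now=t):
            print("launch background traceroute to", src)
    print(sched.null_route_candidates())
```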
