Honeypots mailing list archives
Re: logging facility
From: Floydman <floydman () iquebec com>
Date: Thu, 28 Aug 2003 05:02:07 -0400
Well, a honeypot is just a normal system, meant to be hacked into, on which you can apply all sorts of tools, including an IDS (by that I assume you mean NIDS). It is just that on production systems, you cannot use some of these tools for impractical or legal reasons (for example, sniffing and logging all your production traffic would be impractical in terms of volume of data, and would probably break some privacy laws). But for your honeypot, you could very well decide to put a NIDS like Snort, sniff all the traffic with TCPDump, put a HIDS like Tripwire, have a firewall for which you keep all the logs, etc. Really, technically, there is not much of a difference; the context has a lot to do with what you call "logging facilities". Since there is no legitimate traffic on the honeypot by definition, all of it is malicious by nature, hence "higher" detection.
If you're still confused with these concepts, I'd recommend that you read Lance Spitzner's papers on www.honeynet.org.
Floydman

At 08:19 PM 27/08/2003, Motayyam79 () aol com wrote:
> Fine, but an IDS can be deployed on a network that doesn't have any production traffic. What logging facilities does a honeypot use that makes it stronger than normal systems?
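Added example, not part of the original thread: a small Python filter over constructed iptables-style firewall log lines that applies the point above, namely that a honeypot has no legitimate inbound traffic, so every packet aimed at it is an alert with no baseline or whitelist needed, while the same line format for a production host would still need a signature. The addresses, log lines and the scan threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the mailing-list thread).
# 10.0.0.50 is the honeypot; 10.0.0.10 is an ordinary production host.
HONEYPOT_ADDRS = {"10.0.0.50"}
SAMPLE_LOG = """\
Aug 28 04:55:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.50 PROTO=TCP SPT=40122 DPT=22 SYN
Aug 28 04:55:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.50 PROTO=TCP SPT=40123 DPT=23 SYN
Aug 28 04:55:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.50 PROTO=TCP SPT=40124 DPT=80 SYN
Aug 28 04:56:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.10 PROTO=TCP SPT=51000 DPT=443 SYN
Aug 28 04:57:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=10.0.0.50 PROTO=UDP SPT=53000 DPT=161
"""

# Pull the fields we need from an iptables LOG-target style line.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return {src, dst, proto, dpt} for a firewall log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def honeypot_alerts(log_text, honeypot_addrs=HONEYPOT_ADDRS):
    """Map each source address to the sorted (proto, dport) pairs it sent to a honeypot.
    No whitelist is consulted: by definition nothing legitimate talks to the honeypot,
    so every matching packet is recorded as an alert. Traffic to other hosts is ignored."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dst"] in honeypot_addrs:
            hits[rec["src"]].add((rec["proto"], rec["dpt"]))
    return {src: sorted(ports) for src, ports in hits.items()}


def summarize(alerts, scan_threshold=3):
    """Label a source 'scan' if it touched scan_threshold or more distinct services, else 'probe'."""
    return {src: ("scan" if len(ports) >= scan_threshold else "probe") for src, ports in alerts.items()}


if __name__ == "__main__":
    alerts = honeypot_alerts(SAMPLE_LOG)
    for src, label in summarize(alerts).items():
        print(f"{src}: {label} -> {alerts[src]}")
```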