Honeypots mailing list archives
Re: Usefulness of low-interaction honeypots.
From: Kostas K <acezerocool () yahoo com>
Date: 8 Sep 2003 11:57:36 -0000
In-Reply-To: <Pine.LNX.4.44.0309072022340.18729-100000 () marge spitzner net> I could not agreed more, but with sniffing or if you like with passive O/S fingerprinting is even possible to identify what's behind the scenes. If i am correct the only way to deal with that problem from our internal network is and IDS or surveillance of the network from the administrator. I know that a LIH will do the job when its probed or even attacked, but what happens when this is not happening and the attacker with a small reconnaisance finds out the real identity of that machine? I have not worked with Honeyd or KFSensor, if these two does the work then it's ok with me. Regards Kostas In addition LIH will not protect your network in the way you want. Absolutely. However, I think you are barking up the wrong tree. I think low interaction honeypots make a wonderful detection technology for your internal networks. Deployments (such as Honeyd or KFSensor) can make honeypots very easy to deploy, and very effective for detection. Deploy it on your internal network, and if anyone interacts with the honeypots, you know you have someone (or something) on your internal networks that is most likely naughty. Very simple, and very effective. Yes, the bad guys can probe the hell out of this simple solution and potentially determine its a honeypot. However, by the then the honeypot has already done its job, your burglar alarm has detected and warned you about the bad guys. Keep in mind, honeypots are nothing more then a tool. That tool has many different applications to many different individuals and organizations. Traditionally, people have focused on using honeypots on external networks, or for decoy/deception. Honeypots can do sooooo much more. lance
Current thread:
- Usefulness of low-interaction honeypots. Kostas K (Sep 05)
- RE: Usefulness of low-interaction honeypots. John C. Silvia (Sep 05)
- <Possible follow-ups>
- Re: Usefulness of low-interaction honeypots. Kostas K (Sep 06)
- RE: Usefulness of low-interaction honeypots. John C. Silvia (Sep 06)
- Re: Usefulness of low-interaction honeypots. Kostas K (Sep 07)
- Re: Usefulness of low-interaction honeypots. Lance Spitzner (Sep 07)
- Re: Usefulness of low-interaction honeypots. Kostas K (Sep 08)
- Re: Usefulness of low-interaction honeypots. raymond (Sep 08)
- RE: [inbox] Re: Usefulness of low-interaction honeypots. Curt Purdy (Sep 08)
- RE: Usefulness of low-interaction honeypots. John C. Silvia (Sep 08)
- Re: Usefulness of low-interaction honeypots. raymond (Sep 08)
- Re: Usefulness of low-interaction honeypots. Kostas K (Sep 09)