Honeypots mailing list archives

Re: sebek data

From: Edward Balas <ebalas () iu edu>
Date: Thu, 5 Feb 2004 10:31:52 -0500


On Feb 4, 2004, at 6:40 AM, ansiry fsktm wrote:

is sebek is the only one data capture tool in a
honeynet? can the data captured by be used to do some
analysis? is it enough?




1.  Sebek is just one of the many sources of data used in a honeynet.
        I would recommend you review the repository of papers at:

                http://project.honeynet.org/papers/index.html
        
        Further to get a sense of how things have evolved you may want to
        read these in chronological order.

2. A number of data analysis tools are provided by the HoneynetProject.

        Information on these tools and the types of analysis that can easily
        be done today are located at:

                http://project.honeynet.org/papers/sebek.pdf

        Further the Sebek project page is located at:

                http://project.honeynet.org/tools/sebek/

3. To answer your last question, I would have to have a sense of whatyou

        what to do.  However, as researchers we always want more ;-)

Current thread:

sebek data ansiry fsktm (Feb 05)
- Re: sebek data Edward Balas (Feb 05)
- <Possible follow-ups>
- Re: sebek data gconnell (Mar 28)