Honeypots mailing list archives
Re: Heisenberg in the honeypot
From: Valdis.Kletnieks () vt edu
Date: Tue, 22 Jun 2004 15:25:29 -0400
On Mon, 21 Jun 2004 07:15:47 PDT, Harlan Carvey said:
True, but that can't be done until the particular system is identified...either a priori, or though OS fingerprinting or header/banner analysis. Some sort of a priori knowledge of the system(s) can be obtained through asking, disgruntled employees, DNS zone transfers, etc...all w/o out sending packets to the system itself.
Exactly.
But that's where we get off topic, I'm afraid. My
No, it's not at all off topic...
original question still applies...if an attacker has a new technique or exploit, how likely is he/she to use it knowing that honeypots are in use?
The important question is not "are honeypots in use" but "is *this* *particular* system that I'm considering as the next machine to probe in fact likely to be a honeypot?". I don't *care* if the site has 2,000 honeypots scattered world-wide. I only care "Is this box labelled www3.target-site.com likely to be a real webserver, or a honeypot?" You can know that the enemy uses land mines, but still feel confident about crossing a given space because you can tell that *this* space likely doesn't have a land mine - for instance, crossing a not-recently paved parking lot is probably fairly safe. Following heavy truck tire tracks also greatly improves your odds, as long as you don't come to someplace the tracks suddenly end.... ;)
Attachment:
_bin
Description:
Current thread:
- Heisenberg in the honeypot H Carvey (Jun 19)
- Re: Heisenberg in the honeypot Qv6 (Jun 21)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 21)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 21)
- Re: Heisenberg in the honeypot Ranjeet Shetye (Jun 21)
- Re: Heisenberg in the honeypot MrDemeanour (Jun 21)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 21)
- Re: Heisenberg in the honeypot Christian Kreibich (Jun 21)
- Re: Heisenberg in the honeypot Robert Judy (Jun 21)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot Valdis . Kletnieks (Jun 22)
- Minefields Lance Spitzner (Jun 22)
- Re: Minefields MrDemeanour (Jun 23)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot Qv6 (Jun 21)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 21)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 21)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- Re: Heisenberg in the honeypot James Riden (Jun 22)
- Re: Heisenberg in the honeypot Harlan Carvey (Jun 22)
- RE: Heisenberg in the honeypot Chuck Fullerton (Jun 22)
- RE: Heisenberg in the honeypot Harlan Carvey (Jun 22)