Honeypots mailing list archives
Need advice on which info do I have to expect to classify worm
From: dcneting <ansiry () tm net my>
Date: Sat, 08 May 2004 00:28:14 +0800
I'm using honeyd, snort and iptables in my simple honeynet in order to catch and classify worms (known and unknown), and I set the logs to be centralized in only one database. I'm planning to do the classification process autonomously. Is the information collected by those 3 tools enough for me to classify worms into their categories? Is just looking at the info in the TCP header enough? Suggest to me if there's anything I missed... :) Thanks.
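As an added worked example (not part of the original post, and not code shipped with honeyd, snort or iptables), here is the kind of correlation an autonomous classifier over those three log sources would run. All log lines are constructed: the iptables lines mimic the kernel's syslog output, the snort lines the "fast" alert format, and the honeyd lines its packet-log layout (S = start, E = end of a connection), where the order of the two byte counts on an E line is an assumption. The snort signature name, the thresholds and the bucket labels are illustrative, not from the post or from any ruleset.

```python
import re
from collections import defaultdict

# Constructed sample logs (not real captures). iptables lines mimic the
# kernel's syslog output, snort lines the "fast" alert format; honeyd lines
# follow its packet log (S = start, E = end); the order of the two byte
# counts on an E line (attacker -> honeypot first) is an assumption here.
IPTABLES_LOG = """\
May  8 00:28:14 hw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=48 TTL=128 ID=1 DF PROTO=TCP SPT=3412 DPT=135 WINDOW=65535 SYN URGP=0
May  8 00:28:14 hw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.11 LEN=48 TTL=128 ID=2 DF PROTO=TCP SPT=3413 DPT=135 WINDOW=65535 SYN URGP=0
May  8 00:28:15 hw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.12 LEN=48 TTL=128 ID=3 DF PROTO=TCP SPT=3414 DPT=135 WINDOW=65535 SYN URGP=0
May  8 00:28:20 hw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.10 LEN=48 TTL=64 ID=9 DF PROTO=TCP SPT=5000 DPT=445 WINDOW=5840 SYN URGP=0
May  8 00:28:20 hw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.11 LEN=48 TTL=64 ID=10 DF PROTO=TCP SPT=5001 DPT=445 WINDOW=5840 SYN URGP=0
May  8 00:28:21 hw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.12 LEN=48 TTL=64 ID=11 DF PROTO=TCP SPT=5002 DPT=445 WINDOW=5840 SYN URGP=0
May  8 00:28:25 hw kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=192.168.1.10 LEN=40 TTL=52 ID=7 PROTO=TCP SPT=6000 DPT=139 WINDOW=1024 SYN URGP=0
May  8 00:28:25 hw kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=192.168.1.11 LEN=40 TTL=52 ID=7 PROTO=TCP SPT=6000 DPT=139 WINDOW=1024 SYN URGP=0
May  8 00:28:25 hw kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=192.168.1.12 LEN=40 TTL=52 ID=7 PROTO=TCP SPT=6000 DPT=139 WINDOW=1024 SYN URGP=0
May  8 00:28:30 hw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.10 LEN=48 TTL=64 ID=20 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 SYN URGP=0
"""
SNORT_LOG = """\
05/08-00:28:15.512000  [**] [1:1000001:1] LOCAL constructed DCERPC bind signature [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:3412 -> 192.168.1.10:135
"""
HONEYD_LOG = """\
2004-05-08-00:28:14.5123 tcp(6) S 10.0.0.5 3412 192.168.1.10 135 [Windows XP]
2004-05-08-00:28:16.0001 tcp(6) E 10.0.0.5 3412 192.168.1.10 135: 72 0
2004-05-08-00:28:20.3311 tcp(6) S 10.0.0.7 5000 192.168.1.10 445 [Windows XP]
2004-05-08-00:28:22.0100 tcp(6) E 10.0.0.7 5000 192.168.1.10 445: 310 64
2004-05-08-00:28:25.1000 tcp(6) S 10.0.0.8 6000 192.168.1.10 139 [Windows XP]
2004-05-08-00:28:28.1000 tcp(6) E 10.0.0.8 6000 192.168.1.10 139: 0 0
"""

IPT_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=(\S+) SPT=(\d+) DPT=(\d+)(.*)")
SNORT_RE = re.compile(r"\[\*\*\] \[([\d:]+)\] (.*?) \[\*\*\].*\{(\w+)\} (\S+):\d+ -> (\S+):(\d+)")
HONEYD_RE = re.compile(r"^\S+ (\w+)\(\d+\) ([SE-]) (\S+) \d+ (\S+) (\d+)(?::\s*(\d+)\s+(\d+))?")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_iptables(text):
    """Header-level facts only: who talked to whom, on which port, with which flags."""
    out = []
    for m in filter(None, map(IPT_RE.search, text.splitlines())):
        src, dst, proto, _spt, dport, rest = m.groups()
        flags = {f for f in TCP_FLAGS if re.search(rf"\b{f}\b", rest)}
        out.append({"src": src, "dst": dst, "proto": proto, "dport": int(dport), "flags": flags})
    return out

def parse_snort(text):
    """Signature hits: the only one of the three sources that can name a known worm."""
    out = []
    for m in filter(None, map(SNORT_RE.search, text.splitlines())):
        sid, msg, proto, src, dst, dport = m.groups()
        out.append({"sid": sid, "msg": msg, "proto": proto, "src": src, "dst": dst, "dport": int(dport)})
    return out

def parse_honeyd(text):
    """Connection outcome: did the attacker actually push bytes at the emulated host?"""
    out = []
    for m in filter(None, map(HONEYD_RE.match, text.splitlines())):
        proto, kind, src, dst, dport, b_in, b_out = m.groups()
        out.append({"proto": proto, "kind": kind, "src": src, "dst": dst, "dport": int(dport),
                    "bytes_in": int(b_in or 0), "bytes_out": int(b_out or 0)})
    return out

def build_profiles(ipt_text=IPTABLES_LOG, snort_text=SNORT_LOG, honeyd_text=HONEYD_LOG):
    """Fold all three sources into one record per attacking source address."""
    prof = defaultdict(lambda: {"targets": set(), "dports": set(), "syn_only": 0,
                                "payload_bytes": 0, "sigs": set()})
    for ev in parse_iptables(ipt_text):
        p = prof[ev["src"]]
        p["targets"].add(ev["dst"])
        p["dports"].add(ev["dport"])
        if ev["flags"] == {"SYN"}:
            p["syn_only"] += 1
    for ev in parse_snort(snort_text):
        prof[ev["src"]]["sigs"].add(ev["msg"])
    for ev in parse_honeyd(honeyd_text):
        if ev["kind"] == "E":
            prof[ev["src"]]["payload_bytes"] += ev["bytes_in"]
    return prof

def classify(p, min_targets=3):
    """Illustrative buckets; min_targets is a tunable, not a standard value."""
    fan_out = len(p["targets"]) >= min_targets and len(p["dports"]) == 1
    if p["sigs"]:
        return "known"              # snort named it
    if fan_out and p["payload_bytes"] > 0:
        return "unknown-candidate"  # worm-like spread, payload delivered, no rule fired
    if fan_out:
        return "scan-only"          # headers alone: probing, nothing sent after the handshake
    return "unclassified"

def classify_all(**sources):
    return {src: classify(p) for src, p in build_profiles(**sources).items()}

if __name__ == "__main__":
    for src, label in sorted(classify_all().items()):
        print(src, label)
```

The split of labour is the point: iptables contributes only what the TCP/IP header gives (fan-out across targets, one destination port, SYN-only flags), which is enough to flag a scanner but not to tell an exploit from a probe; the honeyd E records add whether any bytes reached the emulated service, which separates "scan-only" from "unknown-candidate"; and snort is the only source that attaches a name, so anything it does not match stays unknown until the honeyd payload is looked at by hand or by a payload-level classifier.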