Honeypots mailing list archives
RE: KFSENSOR
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 17 Mar 2005 08:38:07 -0500
KFSensor is indeed a honeypot, and one of the best (if not THE best) Windows honeypots. Any honeypot needs fine tuning to filter out non-malicious traffic (mostly broadcasts)...but you'll find the fine tuning significantly easier than trying to filter out noise on an IDS or firewall. KFSensor and any honeypot is more than an IDS because it simulates (to varying degrees) responses back to the probing hacker or malware.

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************

-----Original Message-----
From: ksacaramel () aol com [mailto:ksacaramel () aol com]
Sent: Thursday, March 17, 2005 7:42 AM
To: honeypots () securityfocus com
Subject: KFSENSOR

Hey people,

I just downloaded KFSensor and it has received a lot of activity, but half of it is not malicious, e.g. connections being made by NIS. Is KFSensor more of an intrusion detection system than a honeypot? How does it act like a honeypot? Shouldn't it just detect malicious activity?

Thanks a lot for any feedback...