Honeypots mailing list archives

RE: KFSENSOR


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 17 Mar 2005 08:38:07 -0500

KFSensor is indeed a honeypot, and one of the best (if not THE best)
Windows honeypots.  Any honeypot needs fine tuning to filter out
non-malicious traffic (mostly broadcasts)...but you'll find the fine
tuning significantly easier than trying to filter out noise on an IDS or
firewall. 

KFSensor and any honeypot is more than an IDS because it simulates (to
varying degrees) responses back to the probing hacker or malware. 

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************



-----Original Message-----
From: ksacaramel () aol com [mailto:ksacaramel () aol com] 
Sent: Thursday, March 17, 2005 7:42 AM
To: honeypots () securityfocus com
Subject: KFSENSOR

hey people,


I just downloaded KFSensor and it has received a lot of activity, but
half of them are not malicious, e.g. connections being made by NIS.

Is KFSensor more of an intrusion detection system than a honeypot?

How does it act like a honeypot?

Shouldn't it just detect malicious activity?


thanks a lot for any feedback...

