Honeypots mailing list archives
HoneyNet Question
From: "Hosun Yoo" <hosun () cmu edu>
Date: Tue, 21 Jun 2005 17:50:07 -0400 (EDT)
Hi!, I have experience with Honeyd but new to HoneyNet. If I set up HoneyNet, how do I know if my honeypot has been compromised beside checking Snort alerts? I believe Snort wouldn't catch attacks not in its signatures (rules). And, I think Sebek is a passive monitoring program. So, I have to input a command line to check keystrokes and changed system files once a while. Is there any program that automatically alerts me whenever keystroke or changed file is detected? Or, does Sebek have this kind of feature? Thanks,
Current thread:
- HoneyNet Question Hosun Yoo (Jun 22)