Re: RE: search for master of science project topic

["gangadhar npk" <phani () myrealbox com>]

It seems to be a very interesting thought. Correct me if I am wrong in understanding this - 
the basic premise is that, once the 'monitor' identifies a process that is not conforming to the usual practice (say 
via anamoly detection), it silently transfers the process image to a honeypot - without disruption of anysort and the 
process runs within the honeypot (a VM, in all probability).
May be initially one can only take care of the socket connections, and then move to the part of file handles, memmaps 
and others.
Was this attempted before - I don't know, hence the question.

Thanks
Gangadhar
-----Original Message-----
From: "Payton, Zack" <Zack.Payton () MWAA com>
To: <dewadedw () yahoo com>, <honeypots () securityfocus com>
Date: Tue, 11 Oct 2005 11:09:17 -0400
Subject: RE: search for master of science project topic

Sure,  What about writing a paper about the best way to monitor
processes on a production box and processes transfer and tcp redirect to
honeypot in event of anomaly.
Zack

-----Original Message-----
From: dewadedw () yahoo com [mailto:dewadedw () yahoo com]
Sent: Sunday, October 09, 2005 1:32 AM
To: honeypots () securityfocus com
Subject: search for master of science project topic

I am a master of science student in electronic engineering. I am
searching for a topic about honeypot for my thesis. I was wondering if
any body could give me some recommendations.