Re: Honeypot Server

[Brent Huston <lbhlists () gmail com>]

Our HoneyPoint product does this.

It allows you to "sprinkle" pseudo-services around your environment  
using your existing systems and then provides centralized alerting and  
event management turning the pseudo-services into intelligence and  
threat management tools.

It is a commercial product, but is priced quite affordably.

Check it out at http://www.microsolved.com/honeypoint/

---
Brent Huston, CHS-III
Security Evangelist & CEO
http://www.microsolved.com
Assessments, Application/Device Security & HoneyPoint

On Jan 18, 2008, at 4:37 AM, <m.farid.shawara () gmail com> <m.farid.shawara () gmail com 
> wrote:

> Thanks for all of you ...
>
> When I said Alerting I meant that I should be able to sense the  
> attack when
> it happens.
>
> Another question :
> If I am an attacker - is there anyway to fingerprint it and know  
> that it's
> not a server and it's a just a honeypot ...
>
> My problem is that depending on the already known versions of the  
> honeypots
> and honeynets software - the attackers will always be able to  
> identify them
> and thus avoid doing any activities on them ...
>
> Thanks ,,,
> -----Original Message-----
> From: pinowudi [mailto:pinowudi () gmail com]
> Sent: Friday, January 18, 2008 4:44 AM
> To: m.farid.shawara () gmail com
> Subject: Re: Honeypot Server
>
> honeypots are not for alerting.  they are for researching the unknown.
> Look to snort or a nids for your requirements.
>
> m.farid.shawara () gmail com wrote:
> > Dear All :
> >
> > Can you advise what is the best honeypot server available
> > Open-source or commercial - it doesn't matter as long as it will be  
> > easy
> to
> > administrate and easy to monitor and alerted ...
> >
> > Mohamed Farid ...