Firewall Wizards mailing list archives

RE: Intrusion Detection Systems, Best of breed?


From: Lance Spitzner <lance () honeynet org>
Date: Wed, 26 Dec 2001 22:04:06 -0600 (CST)

On Wed, 26 Dec 2001, Ofir Arkin wrote:

I am afraid that the more understandable they will be round 2 will never
be...

Don't forget bud, when discussing honeypots, you can have different
technologies for different purposes.  Honeypots can act as simple
burglar alarms, detecting when someone is being naughty.  For such
purposes, signature detection (as you point out), may or may not
be an issue.  If signature detection is an issue, then more advanced
honeypot solutions can be whipped out that use real IP stacks, such
as Mantrap or Honeynets.

It all depends on what you want to use the honeypot technologies for,
and the threats you are concerned about.  However, you raise a good
point, as people need to be aware of these issues :)

lance

Ofir Arkin wrote:
If they go to the real site and then in another session they try to
attack it and get redirected to another host using another stack it
will be obvious someone is fooling them.

Of course it will!!  But by then it will also be obvious to them that
you're on to them! For me to fool with you, I have to have detected
you...

By the time they figure it out, they already know they've lost Round #1.
Sure they can come back for Round #2 but I'm not unhappy to have won the
first round. :)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

