Firewall Wizards mailing list archives
RE: Intrusion Detection Systems, Best of breed?
From: Lance Spitzner <lance () honeynet org>
Date: Wed, 26 Dec 2001 22:04:06 -0600 (CST)
On Wed, 26 Dec 2001, Ofir Arkin wrote:
I am afraid that the more understandable they will be round 2 will never be...
Don't forget bud, when discussing honeypots, you can have different technologies for different purposes. Honeypots can act as simple burglar alarms, detecting when some is being naughty. For such purposes, signature detection (as you point out), may or may not be an issue. If signature detection is an issue, then more advance honeypot solutions can be whipped out that use real IP stacks, such as Mantrap or Honeynets. It all depends on what you want to use the honeypot technologies for, and the threats you are concerned about. However, you raise a good point, as people need to be aware of these issues :) lance
Ofir Arkin wrote:If they go to the real site and than in another session they try to attack it and get redirected to another host using another stack itwillbe obvious some one if fooling them.Of course it will!! But by then it will also be obvious to them that you're on to them! For me to fool with you, I have to have detected you... By the time they figure it out, they already know they've lost Round #1. Sure they can come back for Round #2 but I'm not unhappy to have won the first round. :)
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Intrusion Detection Systems, Best of breed?, (continued)
- Re: Intrusion Detection Systems, Best of breed? Stephen P. Berry (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? Predrag Zivic (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 23)
- Re: Intrusion Detection Systems, Best of breed? Talisker (Dec 24)
- Re: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 25)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Ofir Arkin (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Lance Spitzner (Dec 27)
- RE: Intrusion Detection Systems, Best of breed? franks (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? Robin S. Socha (Dec 26)
- Re: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 26)
- Re: Intrusion Detection Systems, - Honeypots? Lance Spitzner (Dec 27)
- Re: Intrusion Detection Systems, - Honeypots? R. DuFresne (Dec 28)
- Re: Intrusion Detection Systems, - Honeypots? Lance Spitzner (Dec 28)
- Message not available
- Re: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 26)
- RE: Intrusion Detection Systems, Best of breed? Marcus J. Ranum (Dec 24)
- RE: Intrusion Detection Systems, Best of breed? R. DuFresne (Dec 25)