IDS mailing list archives

Re: Protocol Anomaly Detection IDS - Honeypots


From: Gene Yoo <gyoo () attbi com>
Date: Fri, 21 Feb 2003 21:05:37 -0800

Rob Shein wrote:
> I have to agree entirely.  A lot of people think of a honeypot as something
> set up to look like a wildly insecure box.  What I like to do is set one up
> to look like most of the other network-available boxes, but with a slight

imho, i think any defense could be offense and vice versa. too much stigma about this is for this and this is for that. as an intel analyst, i think we should "improvise" ideas and tools for anomaly events. in a similar scenario as rob had mentioned, this was a way for me to gather what i needed to set up a better security perimeter and of course having the attention focused elsewhere does allow the gatekeeper to see which holes they need to focus on.

> twist, like an open port that the others don't have.  It doesn't have to be
> incredibly appealing, just a chink in the armor will draw attackers to it.
> In "The Seven Samurai," the leader of the group states "Every good castle
> must have a weakness in its defense."  He then uses that deliberate weakness
> to lure attackers to that one spot, where he waits.  That's exactly what I
> go for with a honeypot, and it works pretty darn well too :)

last time i mentioned the idea of sun tzu's "art of war" someone flamed me so hard about how we can't put ideology with science or something like that and you get to mention the seven samurai!!! but i do have to agree that our job is not about just being scientific but understanding the human domain as well...

<snip>

--
<<gyoo [at] attbi [dot] com>>
