IDS mailing list archives

Re: RES: Protocol Anomaly Detection IDS - Honeypots


From: Lance Spitzner <lance () honeynet org>
Date: Sun, 23 Feb 2003 13:24:20 -0600 (CST)

On 22 Feb 2003, Frank Knobbe wrote:

> 'bleed' this method into others. The primary goal of a honeypot is to
> look vulnerable and to lure hackers to exploiting it.

This thread most likely should be moved to the honeypots list, as such
this will be my last follow up.  However, I just wanted to state that
I would have to disagree with the above statement.  A honeypot is a highly
flexible tool with a variety of different applications to security
(prevention, detection, research, etc).  Its primary goal is whatever
you are attempting to achieve.  

For example, LaBrea is an excellent example of a honeypot that
can slow down or prevent automated attacks.  Honeyd is an example of how 
a honeypot can be used for detection.  Both work not by luring, but by 
monitoring unused IP space.   The new bait-n-switch honeypot works not 
by luring, but by detecting attacks, then redirecting them against a 
honeypot, excellent for information gathering or research.  Honeypots
are extremely flexible and can be used for many different primary
goals, one of which I feel is detection.

To be honest, I think the security community has only begun to
tap into the full potential of honeypot technologies.

lance



