IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Honeypots, what is their limits for intrusion detection?

From: Albert Gonzalez <albertg () cerveau us>
Date: Wed, 1 Jul 2009 19:49:47 -0400
Tomas,
From a misuse detection pov it will obiviously alert you on potential attacks to a honeypot. But any and all traffic destined to a honeynet (pot) should be deemed suspicious or malicious as there is no legitimate reason for communication between these hosts and others. This could also serve as an early warning system since all trafic is suspicious at the very least.
A honeypot(net) are also not productional systems so their downtime for analysis is not problem and this is where the true value comes in. An IDS can't tell you if successful or not just that it saw something with ful blown access such detrmination can be made on top of method, tools and what they did once they got in, etc...
A great use-case. There was a worm released with no A/V or IDS covrage that was discovered through the traffic generated towards the honeynet. 

Hope that helps,

----
Sent from my iPhone

On Jul 1, 2009, at 4:18 AM, Tomas Olsson <tol () sics se> wrote:


Hi,
I have a newbie question related to intrusion detection. It was suggested to me that Honeypots only catches automated attacks, is that true? How can we know which attacks are not caught? Is there any papers on what sort of attacks are caught by using honeypots? 

Regards
Tomas


-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. 
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194




-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Previous By Date Next
Previous By Thread Next

Current thread: