IDS mailing list archives
Re: Honeypots, what is their limits for intrusion detection?
From: Albert Gonzalez <albertg () cerveau us>
Date: Wed, 1 Jul 2009 19:49:47 -0400
Tomas,From a misuse detection pov it will obiviously alert you on potential attacks to a honeypot. But any and all traffic destined to a honeynet (pot) should be deemed suspicious or malicious as there is no legitimate reason for communication between these hosts and others. This could also serve as an early warning system since all trafic is suspicious at the very least.
A honeypot(net) are also not productional systems so their downtime for analysis is not problem and this is where the true value comes in. An IDS can't tell you if successful or not just that it saw something with ful blown access such detrmination can be made on top of method, tools and what they did once they got in, etc...
A great use-case. There was a worm released with no A/V or IDS covrage that was discovered through the traffic generated towards the honeynet.
Hope that helps, ---- Sent from my iPhone On Jul 1, 2009, at 4:18 AM, Tomas Olsson <tol () sics se> wrote:
Hi,I have a newbie question related to intrusion detection. It was suggested to me that Honeypots only catches automated attacks, is that true? How can we know which attacks are not caught? Is there any papers on what sort of attacks are caught by using honeypots?Regards Tomas ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL.A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- Honeypots, what is their limits for intrusion detection? Tomas Olsson (Jul 01)
- Re: Honeypots, what is their limits for intrusion detection? Albert Gonzalez (Jul 02)
- Re: Honeypots, what is their limits for intrusion detection? r00t (Jul 02)
- <Possible follow-ups>
- Re: Honeypots, what is their limits for intrusion detection? krymson (Jul 08)