Honeypots mailing list archives

IDS and honeypots


From: "rnoble" <rnoble () petech ac za>
Date: Wed, 30 Apr 2003 14:28:17 +0200

hi
I'm investigating the idea of using the traffic captured by a honeypot (in theory all data should be suspicious) and 
filtering out legal traffic and traffic captured by existing misuse IDS signatures and using the remainder to 
automatically create new signatures in order to update an IDS database

does anyone know if this has been done before or any related work being done.
also can anyone point me to any journal articles on honeypots etc. (already got all the honeynet whitepapers)

lastly if anyone can think of blatant reasons why this should not or cannot work 

contact me: rnoble () petech ac za
thanks
