Honeypots mailing list archives
Re: IDS and honeypots
From: Niels Provos <provos () citi umich edu>
Date: Wed, 30 Apr 2003 14:54:42 -0400
On Wed, Apr 30, 2003 at 02:28:17PM +0200, rnoble wrote:
> I'm investigating the idea of using the traffic captured by a honeypot (in theory all data should be suspicious) and filtering out legal traffic and traffic captured by existing misuse IDS signatures and using the remainder to automatically create new signatures in order to update an IDS database.
Look at

  http://niels.xtdnet.nl/honeyd/ch01-results/

Christian Kreibich's Honeycomb does something similar.

Niels.
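
The pipeline described in the quoted question, as an added example that is not part of either post and is not code from honeyd or Honeycomb: honeypot payloads are filtered against known-legal traffic and existing signatures, and a candidate signature is taken from what the remaining payloads share. The use of a longest-common-substring fold, all function names and all sample data are assumptions made for this illustration.

```python
from difflib import SequenceMatcher

# All data below is constructed for this illustration.
KNOWN_LEGAL = [b"GET /healthcheck"]             # hypothetical benign monitoring probe
EXISTING_SIGNATURES = [b"OLDWORM-constructed"]  # hypothetical pattern the IDS already has
CAPTURED = [                                    # payloads seen by the honeypot
    b"GET /healthcheck HTTP/1.0\r\n\r\n",
    b"GET /a?x=OLDWORM-constructed HTTP/1.0\r\n\r\n",
    b"POST /app/upload.cgi?id=17 HTTP/1.0\r\nX-Probe: zzqq-constructed-marker\r\n\r\n",
    b"POST /app/upload.cgi?id=902 HTTP/1.0\r\nX-Probe: zzqq-constructed-marker\r\n\r\n",
    b"POST /app/upload.cgi?id=5 HTTP/1.1\r\nX-Probe: zzqq-constructed-marker\r\n\r\n",
]


def residual(payloads, legal, signatures):
    """Drop payloads explained by known-legal traffic or an existing signature."""
    known = list(legal) + list(signatures)
    return [p for p in payloads if not any(k in p for k in known)]


def common_substring(a, b):
    """Longest contiguous byte run shared by a and b."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def candidate_signature(payloads, min_len=8):
    """Greedy fold of common_substring over the residue.

    The result occurs in every payload, though it is not guaranteed to be
    the longest such run. Returns None when there are fewer than two
    samples or the shared run is shorter than min_len (too generic to
    deploy without producing false positives).
    """
    if len(payloads) < 2:
        return None
    sig = payloads[0]
    for p in payloads[1:]:
        sig = common_substring(sig, p)
        if len(sig) < min_len:
            return None
    return sig


def derive():
    return candidate_signature(residual(CAPTURED, KNOWN_LEGAL, EXISTING_SIGNATURES))


if __name__ == "__main__":
    print(derive())
```

A candidate produced this way still needs to be checked against a corpus of ordinary production traffic before it goes into an IDS rule set, since a byte run shared by a few honeypot samples can also occur in legitimate requests.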
Current thread:
- IDS and honeypots rnoble (Apr 30)
- Re: IDS and honeypots Valdis . Kletnieks (Apr 30)
- Re: IDS and honeypots Niels Provos (Apr 30)
- Re: IDS and honeypots Christian Kreibich (May 01)
- Re: IDS and honeypots Eric Arnoth (Apr 30)
- Re: IDS and honeypots ramos (May 02)