Honeypots mailing list archives

Re: IDS and honeypots


From: Niels Provos <provos () citi umich edu>
Date: Wed, 30 Apr 2003 14:54:42 -0400

On Wed, Apr 30, 2003 at 02:28:17PM +0200, rnoble wrote:
   I'm investigating the idea of using the traffic captured by a honeypot
   (in theory all data should be suspicious) and filtering out legal
   traffic and traffic captured by existing misuse IDS signatures and
   using the remainder to automatically create new signatures in order to
   update an IDS database

Look at

  http://niels.xtdnet.nl/honeyd/ch01-results/

Christian Kreibich's Honeycomb does something similar.

Niels.

