Honeypots mailing list archives

Re: IDS and honeypots

From: ramos () ipad com br
Date: Fri, 2 May 2003 14:07:12 -0300

Hi,

I do work in a project called Spyket Security System, and we do just that. We 
use a Honeynet to create SIDs. But it`s not automatically. 


Rodrigo Ramos
http://www.spyket.com.br



Citando rnoble <rnoble () petech ac za>:

hi
I'm investigating the idea of using the traffic captured by a honeypot (in
theory all data should be suspicious) and filtering out legal traffic and
traffic captured by existing misuse IDS signatures and using the remainder to
automatically create new signatures in order to update IDS a IDS database

does anyone know if this has been done before or any related work being
done.
also can anyone point me to any journal articles on honeypots etc. (already
got all the honeynet whitepapers)

lastly if anyone can think of blatent reasons why this should not or cannot
work 

contact me: rnoble () petech ac za
thanks





-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

Current thread:

IDS and honeypots rnoble (Apr 30)
- Re: IDS and honeypots Valdis . Kletnieks (Apr 30)
- Re: IDS and honeypots Niels Provos (Apr 30)
  - Re: IDS and honeypots Christian Kreibich (May 01)
- Re: IDS and honeypots Eric Arnoth (Apr 30)
- Re: IDS and honeypots ramos (May 02)