Honeypots mailing list archives
Re: Honeypots: Uses and Features
From: Cedric Foll <cedric.foll () ac-rouen fr>
Date: 03 Jun 2003 15:52:00 +0200
I think this can be extended a little (unless this somehow warrents a category of its own). I have seen people deploy honeypots not to learn or detect anything, but purely to lure the would be attacker away from the real network, with what would appear to be an easier target. I'm not so sure this is the best use, but I figured it warrented mentioning none the less :)
I do something like that. I have few honey pot in front of my FW. So they seem to be easy targets (no protection, response to ping) but with an IDS on them. When we are under attack they are touch in first. So we can cfg our FW to reject bad IP, contact administrator's IP and our CERT before big pb come.
Current thread:
- Honeypots: Uses and Features Lance Spitzner (Jun 02)
- Re: Honeypots: Uses and Features adam (Jun 02)
- RE: Honeypots: Uses and Features Andy Cuff [talisker] (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- Re: Honeypots: Uses and Features Cedric Foll (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- <Possible follow-ups>
- Re: Honeypots: Uses and Features Geoffrey Shorter (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- Re: Honeypots: Uses and Features Larissa Fricker (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- FW: Honeypots: Uses and Features Luc Somers (Jun 03)