Honeypots mailing list archives
RE: Honeypots: Uses and Features
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Tue, 3 Jun 2003 11:00:40 -0400
This is a method I employ when deploying Honeypots. Though we also observe the intruders action. I am after steering him away from my production environment, while at the same time learning as much as possible from the intruder. Honeypots shouldn't just be used to attempt to find new exploits. They can be used to see what new rootkits are out, what trojans They are using, etc... Then when they set up shop, they might start pulling down goodies. Some folks I talk with are under the impression if what they used to compromise you isn't *NEW* then there is no point, oh boy are they wrong. This is one of the main reasons the Bait N Switch[1] project exists, for this very scenario. Cheers, Alberto Gonzalez [1] - http://www.violating.us/projects/baitnswitch
-----Original Message----- From: Lee Brotherston [mailto:lee () nerds org uk] Sent: Tuesday, June 03, 2003 9:31 AM To: talisker () networkintrusion co uk Cc: Lance Spitzner; honeypots () securityfocus com Subject: Re: Honeypots: Uses and Features On Tue, Jun 03, 2003 at 10:04:55AM +0100, Andy Cuff [talisker] wrote:From a production honeypot I'm looking for a heads upsimilar to an IDSof what an attackers intention might be, without impactingmy "real" network. I think this can be extended a little (unless this somehow warrents a category of its own). I have seen people deploy honeypots not to learn or detect anything, but purely to lure the would be attacker away from the real network, with what would appear to be an easier target. I'm not so sure this is the best use, but I figured it warrented mentioning none the less :) Thanks Lee -- Lee Brotherston - <lee () nerds org uk> Jar Jar Binks Makes The Ewoks Look Like Shaft
Current thread:
- Honeypots: Uses and Features Lance Spitzner (Jun 02)
- Re: Honeypots: Uses and Features adam (Jun 02)
- RE: Honeypots: Uses and Features Andy Cuff [talisker] (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- Re: Honeypots: Uses and Features Cedric Foll (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- <Possible follow-ups>
- Re: Honeypots: Uses and Features Geoffrey Shorter (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- Re: Honeypots: Uses and Features Larissa Fricker (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- FW: Honeypots: Uses and Features Luc Somers (Jun 03)