Honeypots mailing list archives
Re: Honeypots: Uses and Features
From: "Larissa Fricker" <lft () netsec ch>
Date: Tue, 3 Jun 2003 17:01:55 +0200
How important is logging every connection attempt on every (closed) port for a production honeypot? Because it multiplies the number of 'irrelevant' security incidents and as a result also considerably increases the number of alerts, I feel that it might cause more bad than good in a production honeypot, where a low rate of false alerts is paramount. I realize that the situation is completely different for research setups. What do you think? Lara -------------------------------------------------------------------- N E T S E C - Network Security Software Web: www.netsec.ch - Mail: info () netsec ch Munzingerstr. 17A - 3007 Bern - Switzerland Phone: +41 313760534 - Fax: +41 313760533 --------------------------------------------------------------------
Current thread:
- Honeypots: Uses and Features Lance Spitzner (Jun 02)
- Re: Honeypots: Uses and Features adam (Jun 02)
- RE: Honeypots: Uses and Features Andy Cuff [talisker] (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- Re: Honeypots: Uses and Features Cedric Foll (Jun 03)
- Re: Honeypots: Uses and Features Lee Brotherston (Jun 03)
- <Possible follow-ups>
- Re: Honeypots: Uses and Features Geoffrey Shorter (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- Re: Honeypots: Uses and Features Larissa Fricker (Jun 03)
- RE: Honeypots: Uses and Features Gonzalez, Albert (Jun 03)
- FW: Honeypots: Uses and Features Luc Somers (Jun 03)