Re: newbie Re: Honeypots: Uses and Features

[dave () immunitysec com]

I think dtspcd was first seen in the wild via a honeypot? At least by some
people. It's definately a very rare event though, for some reason.


-dave


> Hi All,
> I have a question to the thread, whilst reading the comments I was
> wondering
> if anyone had seen the Honeypots being used to detect an attack which was
> previously unknown.
>
> Although I fully support views, such as:
> On Wed, 4 Jun 2003 01:00 am, Gonzalez, Albert wrote:
> > Honeypots shouldn't just be used to attempt to find new exploits.
> > They can be used to see what new rootkits are out, what trojans
> > They are using, etc... Then when they set up shop,
> > they might start pulling down goodies. Some folks I talk with
> > are under the impression if what they used to compromise you
> > isn't *NEW* then there is no point, oh boy are they wrong.
>
> I still would like to know if there has been any documentation of a
> previously
> unknown attack.
> I am aware that this is not crucial to show that honeypots can truly be
> useful. But I am wondering if I have missed such a paper.
>
> Cheers
> --
>  Sydney