Honeypots mailing list archives
Re: newbie Re: Honeypots: Uses and Features
From: dave () immunitysec com
Date: Mon, 16 Jun 2003 06:37:28 -0400 (EDT)
I think dtspcd was first seen in the wild via a honeypot? At least by some people. It's definately a very rare event though, for some reason. -dave
Hi All, I have a question to the thread, whilst reading the comments I was wondering if anyone had seen the Honeypots being used to detect an attack which was previously unknown. Although I fully support views, such as: On Wed, 4 Jun 2003 01:00 am, Gonzalez, Albert wrote:Honeypots shouldn't just be used to attempt to find new exploits. They can be used to see what new rootkits are out, what trojans They are using, etc... Then when they set up shop, they might start pulling down goodies. Some folks I talk with are under the impression if what they used to compromise you isn't *NEW* then there is no point, oh boy are they wrong.I still would like to know if there has been any documentation of a previously unknown attack. I am aware that this is not crucial to show that honeypots can truly be useful. But I am wondering if I have missed such a paper. Cheers -- Sydney
Current thread:
- newbie Re: Honeypots: Uses and Features Sydney Grenzebach (Jun 15)
- RE: newbie Re: Honeypots: Uses and Features Bojan Zdrnja (Jun 16)
- Re: newbie Re: Honeypots: Uses and Features dave (Jun 16)