Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

Re: profiling honeypots..

From: "Bernie, CTA" <cta () hcsin net>
Date: Mon, 7 Apr 2003 10:48:31 -0400
On 7 Apr 2003, at 10:12, Anton A. Chuvakin wrote:


implementations are that they exhibit predictable or
identifiable probe/attack response characteristics, and their
locations are

Hmm, that sounds a bit weird to me. When you type a UNIX command,
the response is pretty predictable (or at least one hopes so).
Why should honeypots "display unpredictable behavior"?


bhh>>>
I believe you are considering only one stimulus / response 
event and not the quantization effect/error dynamics of the 
entire system. On a truly "active" system one would observe a 
quantifiable randomness in the system-wide operating and 
response characteristics indicative of the open-loop dynamics 
of a live/active system. Conversely, a most honoypots by 
design are closed loop systems that respond in a linear or 
controlled manner with predictable responses to step changes 
and stimuli, when analyzed as a system.
-

-

 

-- 
  Anton A. Chuvakin, Ph.D., GCI*
     http://www.chuvakin.org
   http://www.info-secure.org





-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta () hcsin net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************
Previous By Date Next
Previous By Thread Next

Current thread: