Honeypots mailing list archives
RE: profiling honeypots..
From: "Toby Miller" <toby_miller () adelphia net>
Date: Mon, 7 Apr 2003 13:46:34 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been reading this thread with great interest and the dialogue is good but the one thing people need to realize is that profiling is an art not a science. I have given some lectures on my model and the one thing people fail to realize is that no model will be accurate 100% of the time. The FBI will tell you their profiling system is not accurate 100% of the time. What we need to do is come up with a model that can is accurate most of the time and can be used as a another tool in the honeypot/ids world. Toby On 7 Apr 2003, at 10:12, Anton A. Chuvakin wrote:
implementations are that they exhibit predictable or identifiable probe/attack response characteristics, and their locations areHmm, that sounds a bit weird to me. When you type a UNIX command, the response is pretty predictable (or at least one hopes so). Why should honeypots "display unpredictable behavior"?
bhh>>> I believe you are considering only one stimulus / response event and not the quantization effect/error dynamics of the entire system. On a truly "active" system one would observe a quantifiable randomness in the system-wide operating and response characteristics indicative of the open-loop dynamics of a live/active system. Conversely, a most honoypots by design are closed loop systems that respond in a linear or controlled manner with predictable responses to step changes and stimuli, when analyzed as a system. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPpG5VlLhpjRJgUE5EQImCQCghwnKmIG03BwmzaLb8YiwPAgio9cAoO5T 38d59MLRLG+2tTqAClqZbZ/S =B6dd -----END PGP SIGNATURE-----
Current thread:
- profiling honeypots.. nigel (Apr 06)
- Re: profiling honeypots.. Ali Saifullah Khan (Apr 07)
- Re: profiling honeypots.. Dominik Lupinski (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- Re: profiling honeypots.. Bernie, CTA (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- RE: profiling honeypots.. Nigel Clarke (Apr 07)
- Re: profiling honeypots.. Anton A. Chuvakin (Apr 07)
- RE: profiling honeypots.. Bernie, CTA (Apr 07)
- <Possible follow-ups>
- Re: profiling honeypots.. Garrett Sinfield (Apr 07)
- Re: profiling honeypots.. paul (Apr 07)
- RE: profiling honeypots.. mb_lima (Apr 07)
- RE: profiling honeypots.. Toby Miller (Apr 07)
- Re: profiling honeypots.. Seth Arnold (Apr 07)
- RE: profiling honeypots.. Golomb, Gary (Apr 07)