Honeypots mailing list archives

RE: profiling honeypots..


From: Nigel Clarke <nigel () 26354 net>
Date: 07 Apr 2003 15:43:19 -0400

On Mon, 2003-04-07 at 13:46, Toby Miller wrote:
> I have been reading this thread with great interest and the dialogue
> is good but the one thing people need to realize is that profiling is
> an art not a science.

Toby, I am interested in learning what would classify profiling as an
art and not a science? 


> I have given some lectures on my model and the
> one thing people fail to realize is that no model will be accurate
> 100% of the time. The FBI will tell you their profiling system is not
> accurate 100% of the time. What we need to do is come up with a model
> that is accurate most of the time and can be used as another
> tool in the honeypot/ids world.

It is important to develop a model. One thing that prohibits development
is some of the networks and the way they are designed. If client X is
attacked, depending on the severity of the outage you won't have the
chance to perform any type of analysis. Not everyone uses TCP dump
recorders.

-- 
Nigel Clarke
Blade Runner #26354
*Filed and Monitored*
