Honeypots mailing list archives
HoneyLatency
From: "Andy Cuff \[talisker\]" <offthecuff () lineone net>
Date: Sun, 13 Apr 2003 17:40:41 +0100
Hi </trivia> Having just enjoyed an enthusiastic presentation at CanSecWest from Lance Spitzner (The HoneyAmbassador) I have been updating the honepot page to reflect the new technology( http://www.networkintrusion.co.uk/honeypots.htm ). If anyone hasn't seen Lance present honeypots I'd highly recommend it, he hasn't quite got to the stage where geeks are throwing their underwear on stage but it was heading that way, it was even sufficient for me to buy his new book. <\trivia> I still have some doubts about remotely managed HoneyServices where neighboring IP addresses will have vastly differing latency, to a lesser extent the same would apply to bait-n-switch technology. Moreover, unless the remote honeynet modifies traffic all the honeynet traffic will have very similar latency. I understand that HoneyTechnology whilst evolving very quickly has some way to go but feel that HoneyDevelopers could take measures to overcome the bait-n-switch issue fairly trivially. (if they haven't already) HoneyD has already addressed this issue by varying latency, but how can this be achieved for a managed HoneyService without slowing the genuine traffic, which would have significant performance connotations thoughts? Apologies to all at core03 who I forced to drink Talisker, it was a pretty rough bottle, even by my low standards. take care -andy cuff Taliskers Network Security Tools http://www.networkintrusion.co.uk
Current thread:
- HoneyLatency Andy Cuff [talisker] (Apr 13)