Honeypots mailing list archives
Re: Attack/Benign Packet Determination
From: Valdis.Kletnieks () vt edu
Date: Fri, 29 Aug 2003 16:55:48 -0400
On Fri, 29 Aug 2003 13:19:39 PDT, Steven DeFord <steve () redlance singingtree com> said:
know which traffic is bad and which isn't? At least, how do you tell any better than an IDS? For example, in a recent post, someone mentioned the fact that a blackhat who's compromised a honeynet host can't get any production information out of sniffing the network, but what if some user's authentication session were misdirected to the honeynet?
In that case, you have bigger problems than that. Notice that there's an equal chance that the user's auth session was misdirected to some machine that's NOT a honeypot, but still 0wned by a black hat. If you're misdirecting authentication sessions often enough for this to be a serious threat model, you don't need a honeynet, you need a competent network administrator.....