Honeypots mailing list archives

Re: Attack/Benign Packet Determination


From: Valdis.Kletnieks () vt edu
Date: Fri, 29 Aug 2003 16:55:48 -0400

On Fri, 29 Aug 2003 13:19:39 PDT, Steven DeFord <steve () redlance singingtree com>  said:

> know which traffic is bad and which isn't?  At least, how do you tell any
> better than an IDS?  For example, in a recent post, someone mentioned the
> fact that a blackhat who's compromised a honeynet host can't get any
> production information out of sniffing the network, but what if some
> user's authentication session were misdirected to the honeynet?

In that case, you have bigger problems than that.  Notice that there's an equal
chance that the user's auth session was misdirected to some machine that's
NOT a honeypot, but still 0wned by a black hat.

If you're misdirecting authentication sessions often enough for this to be
a serious threat model, you don't need a honeynet, you need a competent
network administrator.....
