Honeypots mailing list archives

Re: Introducing the Tactical Honeynet Deployment Project


From: "gangadhar npk" <phani () myrealbox com>
Date: Tue, 02 Sep 2003 16:44:27 +0550

hi all,
The idea of a tactical honeynet project is interesting. Here are a few of my thoughts.
  - To make the honeypot more of a tactical resource, would the possibility of *learning* from an actual system be feasible?
      Suppose we have a simple honeynet with a box which matches the production system to the dot, except for the data. A blackhat breaks in and does something more than the simple set of commands; this is the course of action we (the tactical honeynet) need to understand. Since these actions do not form part of the normal operations (assume that the honeynet knows this), the honeynet now *learns* the set of actions which *can* be done.
     The different honeynets across can share the data of the *normal* actions possible on different kinds of systems so that any mis-aligned action can trigger the tactical honeynet into the combat mode.

It may be that this idea might not fall under the purview of honeynets per se, but I wanted to know if such a modelling would be possible at all.
gangadhar

Michael Anuzis <michael_anuzis hotmail com> wrote:

Dear honeynet community,
This e-mail is to inform anyone interested of the establishment of the
Tactical Honeynet Deployment Project ( http://www.thdp.org ).

Currently there are several honeynet and honeypot projects in existence and
I think everyone would agree with me if I said: "it seems like the last
thing the honeynet research community needs is another project doing the
same old thing..." but at the same time I think we can each agree honeynet
research has been struggling as of late. Something has been missing.
Script-kids are the only ones getting "caught", or "biting the bait" so to
speak. The Tactical Honeynet Deployment Project, with a complete focus on
the concepts of deception, psychology, and control, hopes to transform the
honeypot from a tool hacked only by neophyte script-kids, to a more advanced
system of deployment that will be capable of studying the more sophisticated
class of blackhats.

As of now, our project is just being established and we have very few
members. For this reason, if you have been in the study of honeynet research
for a while and are ready to take your honeynet designs to the next level,
we would be interested in sharing your insights in our project's pages.

If our project's website (available at http://www.thdp.org) sounds like
something you would be interested in participating in, it would be a great
opportunity for us to work together in making today's limited honeynet
implementations into something more.

Regards,

Michael Anuzis, CCNA
Network Security Consultant
Mobile: 248.376.7030
CTO, Advanced DataTactics, Inc.
CTO, Advanced InfoTactics, Inc.
Project Coordinator: http://www.thdp.org

